You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pulsar.apache.org by Enrico Olivelli <eo...@gmail.com> on 2021/11/05 08:23:50 UTC
Missing check on .jar files committed to the source repo
Hello,
This patch [1] contains a .jar file that must not be committed to the
source repository.
We generally cannot commit binary files to the source repo, as it won't be
"open source" anymore.
When we are permitted to commit binary/compiled code, there must be a very
good reason and it must be approved explicitly and noted somewhere (NOTICE
file?)
My point here is that we are missing some automated check to prevent such
accidental commits.
I believe that we have to add a check to be run at every PR validation and
during the release process that our source distribution does not contain
compiled code.
Thoughts ?
Enrico
[1] https://github.com/apache/pulsar/pull/12535
Re: Missing check on .jar files committed to the source repo
Posted by Dave Fisher <wa...@apache.org>.
> On Dec 3, 2021, at 11:45 AM, Michael Marshall <mm...@apache.org> wrote:
>
>> Automated checks are useful because we are human and we usually miss to
>> validate this kind of boring stuff.
>
> +1 I think it sounds appropriate to add an automated check. If a use
> case arises where we need to add compiled files, we'll also need a way
> to bypass/override this check.
For example, have a look at why grade wrapper jars cannot be included - https://issues.apache.org/jira/browse/LEGAL-570
Regards,
Dave
>
> Michael
>
> On Fri, Dec 3, 2021 at 7:10 AM Enrico Olivelli <eo...@gmail.com> wrote:
>>
>> Il giorno ven 3 dic 2021 alle ore 10:36 ZhangJian He <sh...@gmail.com>
>> ha scritto:
>>
>>> I agree. I mean that the situation can be easily judged during the review
>>> process. So I think the automated check sames not so valuable.
>>> If you prefer, I have no objection.
>>>
>>
>> Automated checks are useful because we are human and we usually miss to
>> validate this kind of boring stuff.
>> It is very like LICENSE headers, NOTICE files, checkstyle....
>> :-)
>>
>> Enrico
>>
>>>
>>>
>>> Thanks
>>> ZhangJian He
>>>
>>> Enrico Olivelli <eo...@gmail.com> 于2021年12月3日周五 17:22写道:
>>>
>>>> Il giorno ven 3 dic 2021 alle ore 10:20 ZhangJian He <shoothzj@gmail.com
>>>>
>>>> ha scritto:
>>>>
>>>>> Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
>>>>> check, the reviewers can find if it's reasonable.
>>>>>
>>>>
>>>> For some files there are specific acceptance rules.
>>>> But we cannot commit other files that are not needed.
>>>>
>>>>
>>>> Enrico
>>>>
>>>>
>>>>>
>>>>> Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道:
>>>>>
>>>>>> ping
>>>>>>
>>>>>>
>>>>>> Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
>>>>>> eolivelli@gmail.com>
>>>>>> ha scritto:
>>>>>>
>>>>>>> Hello,
>>>>>>> This patch [1] contains a .jar file that must not be committed to
>>> the
>>>>>>> source repository.
>>>>>>> We generally cannot commit binary files to the source repo, as it
>>>> won't
>>>>>> be
>>>>>>> "open source" anymore.
>>>>>>>
>>>>>>> When we are permitted to commit binary/compiled code, there must
>>> be a
>>>>>> very
>>>>>>> good reason and it must be approved explicitly and noted somewhere
>>>>>> (NOTICE
>>>>>>> file?)
>>>>>>>
>>>>>>> My point here is that we are missing some automated check to
>>> prevent
>>>>> such
>>>>>>> accidental commits.
>>>>>>> I believe that we have to add a check to be run at every PR
>>>> validation
>>>>>> and
>>>>>>> during the release process that our source distribution does not
>>>>> contain
>>>>>>> compiled code.
>>>>>>>
>>>>>>> Thoughts ?
>>>>>>>
>>>>>>> Enrico
>>>>>>>
>>>>>>> [1] https://github.com/apache/pulsar/pull/12535
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
Re: Missing check on .jar files committed to the source repo
Posted by Michael Marshall <mm...@apache.org>.
> Automated checks are useful because we are human and we usually miss to
> validate this kind of boring stuff.
+1 I think it sounds appropriate to add an automated check. If a use
case arises where we need to add compiled files, we'll also need a way
to bypass/override this check.
Michael
On Fri, Dec 3, 2021 at 7:10 AM Enrico Olivelli <eo...@gmail.com> wrote:
>
> Il giorno ven 3 dic 2021 alle ore 10:36 ZhangJian He <sh...@gmail.com>
> ha scritto:
>
> > I agree. I mean that the situation can be easily judged during the review
> > process. So I think the automated check sames not so valuable.
> > If you prefer, I have no objection.
> >
>
> Automated checks are useful because we are human and we usually miss to
> validate this kind of boring stuff.
> It is very like LICENSE headers, NOTICE files, checkstyle....
> :-)
>
> Enrico
>
> >
> >
> > Thanks
> > ZhangJian He
> >
> > Enrico Olivelli <eo...@gmail.com> 于2021年12月3日周五 17:22写道:
> >
> > > Il giorno ven 3 dic 2021 alle ore 10:20 ZhangJian He <shoothzj@gmail.com
> > >
> > > ha scritto:
> > >
> > > > Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
> > > > check, the reviewers can find if it's reasonable.
> > > >
> > >
> > > For some files there are specific acceptance rules.
> > > But we cannot commit other files that are not needed.
> > >
> > >
> > > Enrico
> > >
> > >
> > > >
> > > > Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道:
> > > >
> > > > > ping
> > > > >
> > > > >
> > > > > Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
> > > > > eolivelli@gmail.com>
> > > > > ha scritto:
> > > > >
> > > > > > Hello,
> > > > > > This patch [1] contains a .jar file that must not be committed to
> > the
> > > > > > source repository.
> > > > > > We generally cannot commit binary files to the source repo, as it
> > > won't
> > > > > be
> > > > > > "open source" anymore.
> > > > > >
> > > > > > When we are permitted to commit binary/compiled code, there must
> > be a
> > > > > very
> > > > > > good reason and it must be approved explicitly and noted somewhere
> > > > > (NOTICE
> > > > > > file?)
> > > > > >
> > > > > > My point here is that we are missing some automated check to
> > prevent
> > > > such
> > > > > > accidental commits.
> > > > > > I believe that we have to add a check to be run at every PR
> > > validation
> > > > > and
> > > > > > during the release process that our source distribution does not
> > > > contain
> > > > > > compiled code.
> > > > > >
> > > > > > Thoughts ?
> > > > > >
> > > > > > Enrico
> > > > > >
> > > > > > [1] https://github.com/apache/pulsar/pull/12535
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
Re: Missing check on .jar files committed to the source repo
Posted by Enrico Olivelli <eo...@gmail.com>.
Il giorno ven 3 dic 2021 alle ore 10:36 ZhangJian He <sh...@gmail.com>
ha scritto:
> I agree. I mean that the situation can be easily judged during the review
> process. So I think the automated check sames not so valuable.
> If you prefer, I have no objection.
>
Automated checks are useful because we are human and we usually miss to
validate this kind of boring stuff.
It is very like LICENSE headers, NOTICE files, checkstyle....
:-)
Enrico
>
>
> Thanks
> ZhangJian He
>
> Enrico Olivelli <eo...@gmail.com> 于2021年12月3日周五 17:22写道:
>
> > Il giorno ven 3 dic 2021 alle ore 10:20 ZhangJian He <shoothzj@gmail.com
> >
> > ha scritto:
> >
> > > Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
> > > check, the reviewers can find if it's reasonable.
> > >
> >
> > For some files there are specific acceptance rules.
> > But we cannot commit other files that are not needed.
> >
> >
> > Enrico
> >
> >
> > >
> > > Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道:
> > >
> > > > ping
> > > >
> > > >
> > > > Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
> > > > eolivelli@gmail.com>
> > > > ha scritto:
> > > >
> > > > > Hello,
> > > > > This patch [1] contains a .jar file that must not be committed to
> the
> > > > > source repository.
> > > > > We generally cannot commit binary files to the source repo, as it
> > won't
> > > > be
> > > > > "open source" anymore.
> > > > >
> > > > > When we are permitted to commit binary/compiled code, there must
> be a
> > > > very
> > > > > good reason and it must be approved explicitly and noted somewhere
> > > > (NOTICE
> > > > > file?)
> > > > >
> > > > > My point here is that we are missing some automated check to
> prevent
> > > such
> > > > > accidental commits.
> > > > > I believe that we have to add a check to be run at every PR
> > validation
> > > > and
> > > > > during the release process that our source distribution does not
> > > contain
> > > > > compiled code.
> > > > >
> > > > > Thoughts ?
> > > > >
> > > > > Enrico
> > > > >
> > > > > [1] https://github.com/apache/pulsar/pull/12535
> > > > >
> > > > >
> > > >
> > >
> >
>
Re: Missing check on .jar files committed to the source repo
Posted by ZhangJian He <sh...@gmail.com>.
I agree. I mean that the situation can be easily judged during the review
process. So I think the automated check sames not so valuable.
If you prefer, I have no objection.
Thanks
ZhangJian He
Enrico Olivelli <eo...@gmail.com> 于2021年12月3日周五 17:22写道:
> Il giorno ven 3 dic 2021 alle ore 10:20 ZhangJian He <sh...@gmail.com>
> ha scritto:
>
> > Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
> > check, the reviewers can find if it's reasonable.
> >
>
> For some files there are specific acceptance rules.
> But we cannot commit other files that are not needed.
>
>
> Enrico
>
>
> >
> > Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道:
> >
> > > ping
> > >
> > >
> > > Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
> > > eolivelli@gmail.com>
> > > ha scritto:
> > >
> > > > Hello,
> > > > This patch [1] contains a .jar file that must not be committed to the
> > > > source repository.
> > > > We generally cannot commit binary files to the source repo, as it
> won't
> > > be
> > > > "open source" anymore.
> > > >
> > > > When we are permitted to commit binary/compiled code, there must be a
> > > very
> > > > good reason and it must be approved explicitly and noted somewhere
> > > (NOTICE
> > > > file?)
> > > >
> > > > My point here is that we are missing some automated check to prevent
> > such
> > > > accidental commits.
> > > > I believe that we have to add a check to be run at every PR
> validation
> > > and
> > > > during the release process that our source distribution does not
> > contain
> > > > compiled code.
> > > >
> > > > Thoughts ?
> > > >
> > > > Enrico
> > > >
> > > > [1] https://github.com/apache/pulsar/pull/12535
> > > >
> > > >
> > >
> >
>
Re: Missing check on .jar files committed to the source repo
Posted by Enrico Olivelli <eo...@gmail.com>.
Il giorno ven 3 dic 2021 alle ore 10:20 ZhangJian He <sh...@gmail.com>
ha scritto:
> Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
> check, the reviewers can find if it's reasonable.
>
For some files there are specific acceptance rules.
But we cannot commit other files that are not needed.
Enrico
>
> Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道:
>
> > ping
> >
> >
> > Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
> > eolivelli@gmail.com>
> > ha scritto:
> >
> > > Hello,
> > > This patch [1] contains a .jar file that must not be committed to the
> > > source repository.
> > > We generally cannot commit binary files to the source repo, as it won't
> > be
> > > "open source" anymore.
> > >
> > > When we are permitted to commit binary/compiled code, there must be a
> > very
> > > good reason and it must be approved explicitly and noted somewhere
> > (NOTICE
> > > file?)
> > >
> > > My point here is that we are missing some automated check to prevent
> such
> > > accidental commits.
> > > I believe that we have to add a check to be run at every PR validation
> > and
> > > during the release process that our source distribution does not
> contain
> > > compiled code.
> > >
> > > Thoughts ?
> > >
> > > Enrico
> > >
> > > [1] https://github.com/apache/pulsar/pull/12535
> > >
> > >
> >
>
Re: Missing check on .jar files committed to the source repo
Posted by ZhangJian He <sh...@gmail.com>.
Gradle has `gradle-wrapper.jar` too. I think we don't need an automated
check, the reviewers can find if it's reasonable.
Enrico Olivelli <eo...@gmail.com> 于2021年11月10日周三 16:47写道:
> ping
>
>
> Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <
> eolivelli@gmail.com>
> ha scritto:
>
> > Hello,
> > This patch [1] contains a .jar file that must not be committed to the
> > source repository.
> > We generally cannot commit binary files to the source repo, as it won't
> be
> > "open source" anymore.
> >
> > When we are permitted to commit binary/compiled code, there must be a
> very
> > good reason and it must be approved explicitly and noted somewhere
> (NOTICE
> > file?)
> >
> > My point here is that we are missing some automated check to prevent such
> > accidental commits.
> > I believe that we have to add a check to be run at every PR validation
> and
> > during the release process that our source distribution does not contain
> > compiled code.
> >
> > Thoughts ?
> >
> > Enrico
> >
> > [1] https://github.com/apache/pulsar/pull/12535
> >
> >
>
Re: Missing check on .jar files committed to the source repo
Posted by Enrico Olivelli <eo...@gmail.com>.
ping
Il giorno ven 5 nov 2021 alle ore 09:23 Enrico Olivelli <eo...@gmail.com>
ha scritto:
> Hello,
> This patch [1] contains a .jar file that must not be committed to the
> source repository.
> We generally cannot commit binary files to the source repo, as it won't be
> "open source" anymore.
>
> When we are permitted to commit binary/compiled code, there must be a very
> good reason and it must be approved explicitly and noted somewhere (NOTICE
> file?)
>
> My point here is that we are missing some automated check to prevent such
> accidental commits.
> I believe that we have to add a check to be run at every PR validation and
> during the release process that our source distribution does not contain
> compiled code.
>
> Thoughts ?
>
> Enrico
>
> [1] https://github.com/apache/pulsar/pull/12535
>
>