You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@trafodion.apache.org by Roberta Marton <ro...@esgyn.com> on 2015/11/19 23:26:02 UTC
FW: [VOTE] Release Apache Trafodion (incubating) 1.3.0-incubating (RC4)
Fyi,
Here is the response sent to the IPMC team regarding Justin's and Steve's
comments.
Roberta
-----Original Message-----
From: Roberta Marton [mailto:roberta.marton@esgyn.com]
Sent: Thursday, November 19, 2015 2:25 PM
To: 'general@incubator.apache.org' <ge...@incubator.apache.org>
Subject: RE: [VOTE] Release Apache Trafodion (incubating) 1.3.0-incubating
(RC4)
Thanks Justin for your comprehensive review of the release artifacts and
valuable comments. And thanks Steve for your comment that indicates the
importance of getting provenance correct.
We are committed to getting the release package correct along with all the
provenance issues. This is the first time we are releasing and were
expecting some issues. A lot of time and effort has been spent getting your
source package to work in the Apache infrastructure.
We will look at the provenance issues you mentioned and figure out how best
to address them.
There are a few questions that we have based on the comments we received so
far:
1. HP donated the Trafodion code to Apache several months ago. We have gone
through all the legal steps to get the code donated. As part of this
process we removed all the HP copyrights except for our test files and
documentation. Do we have to remove all the Copyrights in order to release
in Apache? Is including HP in the NOTICE/LICENSE file adequate?
2. A conscious decision was made to add the latest Apache license to files
that have existing licenses. So now multiple licenses are showing up. Is
this something we should not be doing? The original license came when the
code was first used by the product.
3. We have followed the instructions detailed in [8] but it looks like we
are missing a mention of this in our README file. We will add appropriate
information as the rules apply, for example - " This distribution includes
cryptographic software. The country in which you currently reside may have
restrictions on the import, possession, use, and/or re-export to another
country, ..."
4. We do have permission to use the photos in [13] [14]. Is there
something we need to do to indicate this somewhere?
5. You mentioned that we may be too generous in excluding files for our RAT
test. We did include in the RAT_README file an explanation of the exception
and why. If there are specific explanations in RAT_README.txt that are not
ok , we can look at each one on a case by case basis.
We based RAT exceptions by looking at other apache products and as described
http://apache.org/legal/src-headers.html#faq-exceptions:
The RAT_README.txt file contains explanations on how we clearly cannot add
copyright info to :
• generated files
• configuration files
• testware expected files
• source/testware that were downloaded from elsewhere that contain
their own copyright info in the same directory.
However, it looks like we missed adding some of the items in our LICENSE
file.
6. Justin, can we get accessibility to some of the scripts you ran to check
for these incompatibilities? This will give our next release a better
chance of succeeding.
Again, thanks for taking the time to provide this valuable feedback
Regards,
Roberta
-----Original Message-----
From: Justin Mclean [mailto:justin@classsoftware.com]
Sent: Wednesday, November 18, 2015 6:29 PM
To: general@incubator.apache.org
Subject: Re: [VOTE] Release Apache Trafodion (incubating) 1.3.0-incubating
(RC4)
Hi,
Sorry -1 Due to license and copyright issues and possible crypto issue.
I checked:
- artefact contains incubating
- signature and hashes good
- DISCLAIMER exists
- LICENSE is missing a couple of things/has a few issues
- NOTICE is good but may be missing thing form other Apache bundled software
- rat exclusions bay be a bit wide
- no unexpected binaries in release
- while most source file have Apache headers there are serval issues with
copyright owners and multiple headers in files
- didn’t compile as the build process looks rather difficult
If OpenSSL is being bundled has this process been followed? [8] I’m not
familiar with the process and it may not apply here. Can someone who more
familiar with this please comment.
LICENSE issues:
- License implies that all BSD licensed software is "Copyright (c)
2008-2010, Allan Jardine” which is not the case. Each piece of licensed
software will have it’s own owner.
- missing MIT licensed Asciidoctor [1]
- Jquery UI is MIT licensed not BSD [2]
- missing MIT license MooTools Framework [3]
- missing BSD style OpenSSL license [4]
- missing MIT JavaScript InfoVis Toolkit license [5]
- missing MIT JQuery license [6]
- And while the code under [7] is MIT it's not copyright SpryMedia Ltd
- missing license for CSS Document by Codify Design Studio [15] How is this
file licensed?
Also this file [9] is marked as copyright ASF but contains other possible
copyright owners:
<!--Arbortext, Inc., 1988-2014, v.4002—>
<copyright><year>2015</year><holder>Hewlett-Packard Development Company,
L.P.</holder></copyright>
I also count 480+ incidences where copyright Hewlett-Packard in mentioned.
There are also multiple files that are marked copyright Salesforce.com e.g.
[10], copyright Open Software Foundation e.g. [11]
There are also a large number of files that have double copyright headers
e.g. [12].
And finally there is an assortment of years for Apache licensed software. As
the project hasn’t been incubating for that long I assume we have some other
bundled Apache software? If so this may effect NOTICE.
For instance:
* Copyright 2007 The Apache Software Foundation
* Copyright 2008 The Apache Software Foundation
* Copyright 2009 The Apache Software Foundation
* Copyright 2010 The Apache Software Foundation
* Copyright 2011 The Apache Software Foundation
* Copyright 2015 The Apache Software Foundation
There are two photographs [13][14] do you have permission from the original
owners to use them?
Thanks,
Justin
1. /core/rest/src/main/asciidoc
2. /dcs/src/main/resources/dcs-webapps/master/jquery-ui/jquery-ui.js
3. /dcs/src/main/resources/dcs-webapps/master/js/lib/jit.js
4. /core/conn/security_dll/LICENSE
5. /dcs/src/main/resources/dcs-webapps/master/js/lib/jit.js
6. /dcs/src/main/resources/dcs-webapps/master/js/lib/jquery-1.11.0.js
7./incubator-trafodion/core/sql/qmscommon/expat
8. http://www.apache.org/dev/crypto.html
9. ./docs/sql_reference/source/Trafodion_SQL_Reference_Manual.xml
10.
/tests/phx/src/test/java/org/trafodion/phoenix/end2end/AlterTableTest.java
11. /win-odbc64/sql/common/from_GB2312.c
12. /wms/src/main/java/org/trafodion/wms/util/RetryCounter.java
13. /core/sql/regress/executor/anoush.jpg
14./core/sql/regress/executor/deep.jpg
15. dcs/src/main/resources/dcs-webapps/master/css/stylesheet.css
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org