incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Re: [VOTE] Release Apache Unomi 1.0.0-incubating (take 4)
Date Tue, 16 Feb 2016 06:43:01 GMT
Hi Justin,

thanks for this awesome review !

We gonna improve with your comments.

Thanks again,
Regards
JB

On 02/16/2016 07:10 AM, Justin Mclean wrote:
> Hi,
>
> +1 binding
>
> I checked:
> - incubating in file name
> - hashes and signatures good
> - DISCLAIMER exits
> - Source LICENSE good (although the short form of the license is prefered) [1]
> - Source NOICE has a little bit of extra info in it - there's no need to mention MIT
software [1]
> - No unexpected binary files in source release
> - All source files have Apache headers
> - Unable to compile from source
>
> I got this error when compiling - looks like a path may be wrong:
> [INFO] Apache Unomi :: Distribution Package ............... FAILURE [  0.568 s]
> [ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.7:run (copy-karaf)
on project unomi: An Ant BuildException has occured: /Users/justinmclean/Downloads/ApacheUnomi/unomi-1.0.0-incubating/package/target/assembly/elasticsearch-1.6.2/lib/sigar
does not exist.
>
> Everything else compiled fine it just looks like creating the distribution package failed,
I’m assuming this is not a big issue.
>
> I think the path should be??
> ./unomi-1.0.0-incubating/package/target/assembly/lib/sigar/
>
> You may want to fix header on this file [2].
>
> Also can you please place the binaries in the correct place, this was raised as an issue
for the last release candidate.
>
> Now for the binary convenience release, sorry this is long, but I think a bit more work
need to be done here.
>
> The LICENSE file:
> - Boiler place Apache license should be at the top often file
> - Please use short form of the licenses
> - It not clear what is licensed under the CDDL or GPL licenses
> - GPLv2 is considered a category X license and should not be bundled with Apache software.
Why is this here?
> - Is missing a large number of licences that require being put in LICENSE
>
> For what I could find GPL software bundled includes woodstock [4], code model [5] and
tanuki software java service wrapper [12] . Is there other bundled GPL software? Is the GPL
issue known about and is the intent to replace that software? If this wasn’t know you may
want to discuss and consider only releasing the source release.
>
> License should contain:
> - non ASF licensed software including bndlib, Jackson core, jackson databind, Jackson
annotations, Fast Infoset Standard for Binary XML, ehcache, jettison, elastic search, jansi,
sigar (was GPL may need to double check), jledit, Joda-Time, Fast Infoset Project, OpenWS,
several ops4j projects, osgi jmx, slf4j, spring framework, SnakeYAML, Spatial4j, Quality Check,
UAdetector, GeoIP2, Google HTTP Client Library For Java, MaxMind DB, mvel2
> - CPL license wsdl4j
> - CDDL JAXB Binding Compiler, JAXB Runtime module
> - dual license CDDL/GPL code model, sun el [6], stack commons, Java mail [7],  SOAP with
Attachments API for Java [8], TXW2 Runtime [9], XSOM,
> - BSD licensed Jline, Stax2, knopflerfish, ASM, RelaxngDatatype, StringTemplate 4
> - public domain AOP Alliance, SAX
> - EPL Eclipses’s aether, eclipse core runtime, equinox, java development tools core
> - EPL/Apache dual licensed Jetty (may actually be a mix of CDDL, EPL and GPL)
> - dual licensed(?) EPL/Apache hawtjni
> - MIT licensed RELAX NG Object Model / Parser
> - MPL licensed Rhino, juniversalchardet
> - W3C dom
> - licenses from Sigar notice file
> - Apache 1.1 license Apache Avalon , Apache Xalan
> - double check what included from Apache CXF [13]
> - double check what’s included from Apache Felix (no LICENSE/NOTICE in github mirror)
> - include what is in Apache Karaf license file (if bundled)
> - MPL license software form Apache Servicemix notice file
> - double check what’s been bundled from Apache Xerces (no LICENSE/NOTICE in github
mirror)
>
> The the dual license CDDL/GPL can be treated as GPL if you don’t specify the license
choice. (see links below) You probably need to put this in the NOTICE file.
>
> Sigar's license may be an issue as while it’s Apache licensed it also includes further
restrictions [11]
> "You acknowledge that Software is not designed, licensed or intended for use in
> the design, construction, operation or maintenance of any nuclear facility
> ("High Risk Activities"). “
>
> I did this fairly quickly and will have missed a few things, you just need to look at
the jars you are including and what is inside them.  I notice some bundled jars also
> contain jars so you’ll need to look in those as well. I may of got the versions wrong
and different versions could be licensed under different licenses.
>
> The NOTICE file:
> - No need to list MIT or BSD or Apace licensed in NOTICE
> - No need to include everything from the sigar NOTICE probably only the copyright line
is needed but not 100% sure
> - No need to list copyright for org.apache.karaf.management, org.apache.openwebbeans,
HttpCore, org.apache.sshd, org.apache.servicemix.bundles, commons-lang, org.apache.karaf.features,
org.apache.mina, org.apache.karaf.kar, org.apache.karaf.jaas, org.apache.karaf.bundle, org.apache.karaf.deployer,
org.apache.aries etc etc etc
> - No need for extra "This product includes software developed by the ASF”
> - Any non ASF Apache license software copyright should be in LICENSE not NOTICE
> - Notice for opensaml looks incorrect [3]?
> - Even with the amount of bundled software here I expect the NOTICE file to be closer
to 100 lines rather than the 1000 lines it is
>
> Notice files I saw that IMO may effect NOTICE include:
> Apache Santuario, Jetty, Sigar, Apache Avalon, Apache Commons Codec, Apache Felix, Apache
Geronimo, Apache Karaf, Apache Neethi, Apache Xalan, Apache Xerces
>
> Also note the dual CDDL/GPL license info mention above.
>
> Thanks,
> Justin
>
>
> 1. http://www.apache.org/dev/licensing-howto.html#permissive-deps <http://www.apache.org/dev/licensing-howto.html#permissive-deps>
> 2. ./samples/tweet-button-plugin/src/main/resources/OSGI-INF/blueprint/blueprint.xml
> 3. https://github.com/OpenConext/spring-security-opensaml/blob/master/NOTICE.TXT <https://github.com/OpenConext/spring-security-opensaml/blob/master/NOTICE.TXT>
> 4. http://central.maven.org/maven2/com/ctc/wstx/woodstox-osgi/3.2.1.1/woodstox-osgi-3.2.1.1.pom
<http://central.maven.org/maven2/com/ctc/wstx/woodstox-osgi/3.2.1.1/woodstox-osgi-3.2.1.1.pom>
> 5. http://central.maven.org/maven2/com/sun/codemodel/codemodel-project/2.6/codemodel-project-2.6.pom
<http://central.maven.org/maven2/com/sun/codemodel/codemodel-project/2.6/codemodel-project-2.6.pom>
> 6. https://java.net/projects/el-spec/sources/source-code/content/trunk/pom.xml?rev=285
<https://java.net/projects/el-spec/sources/source-code/content/trunk/pom.xml?rev=285>
(Notice this would effect the NOTICE file)
> 7. http://central.maven.org/maven2/com/sun/mail/all/1.5.2/all-1.5.2.pom <http://central.maven.org/maven2/com/sun/mail/all/1.5.2/all-1.5.2.pom>
(would also effect notice)
> 8. http://central.maven.org/maven2/com/sun/xml/messaging/saaj/saaj-impl/1.3.15/saaj-impl-1.3.15.pom
<http://central.maven.org/maven2/com/sun/xml/messaging/saaj/saaj-impl/1.3.15/saaj-impl-1.3.15.pom>
(same here)
> 9 .http://central.maven.org/maven2/com/sun/xml/txw2/txw2/20110809/txw2-20110809.pom <http://central.maven.org/maven2/com/sun/xml/txw2/txw2/20110809/txw2-20110809.pom>
(same here)
> 10 https://github.com/fusesource/hawtjni/blob/master/license.txt <https://github.com/fusesource/hawtjni/blob/master/license.txt>
> 11. https://github.com/hyperic/sigar/blob/master/NOTICE <https://github.com/hyperic/sigar/blob/master/NOTICE>
> 12. https://wrapper.tanukisoftware.com/doc/english/licenseOverview.html <https://wrapper.tanukisoftware.com/doc/english/licenseOverview.html>
> 13.  http://cxf.apache.org/docs/licenses.html <http://cxf.apache.org/docs/licenses.html>
>

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message