incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Li,De(BDG)" <l...@baidu.com>
Subject Re: Looking for Champion
Date Sat, 09 Jun 2018 08:06:43 GMT

   Copyrights were changed too which is also incorrect.

Yes, we know that, I have fixed this mistake as following.
https://github.com/baidu/palo/commit/ac770c33d445a4c18a0b74f56b28a4180b30bf
b7

As you mentioned, we will recheck and make sure if Open LDAP is necessary
for Palo. 

Best Regards,
Reed


在 2018/6/9 上午4:13, "Ted Dunning" <ted.dunning@gmail.com> 写入:

>Open LDAP is a form of copy-left. It requires source code distribution of
>binary packaged versions.
>
>
>
>On Fri, Jun 8, 2018 at 7:10 PM Dave Fisher <dave2wave@comcast.net> wrote:
>
>> Yuck. That’s a mess. That is one very large diff.
>>
>> I see a few files related to AES the were GPL converted to Apache which
>> not allowed.
>> Copyrights were changed too which is also incorrect.
>>
>> Changes to this file be/src/http/mongoose.h
>> 
>><https://github.com/baidu/palo/commit/6486be64c319fe0beb8c6b4430c1662de54
>>f182e#diff-586168bd25cfbf3bc8bc1b52abc4206c> violate
>> license and copyright of Sergey Lyubka
>>
>> GitHub makes you expand each diff after awhile.
>>
>> There are dependency licenses that might be issues too.
>>
>> These licenses have not been evaluated by LEGAL.
>> * OpenLdap (OpenLDAP Software License)
>>
>> 
>>http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;
>>hb=e5f8117f0ce088d0bd7a8e18ddf37eaa40eb09b1
>> * rapidjson (Tencent)
>> Unknown
>> * cyrus-sasl (CMU License)
>> https://spdx.org/licenses/MIT-CMU.html
>> AKA MIT-CMU
>>
>> Lots of work in evaluating licenses.
>>
>> On Jun 8, 2018, at 9:46 AM, Ted Dunning <ted.dunning@gmail.com> wrote:
>>
>> Ouch.
>>
>> The copyright in question was attached to code from the source code for
>> mySQL. There is no way that code can be in an Apache project.
>>
>> Given the cut and paste history, it seems like it will require a very
>> detailed audit of code history or web searches to find where the
>>original
>> code came from. The my_aes.c and .h files, for instance, have no hint in
>> their history that they came from GPL'ed code.
>>
>>
>> Yeah. Lot’s of oversight.
>>
>> If we accept this proposal we need a Mentor who has time to help with
>>this
>> mess.
>>
>> I don’t know that I have the time to lead that effort. Anyone?
>>
>> Regards,
>> Dave
>>
>>
>> On Fri, Jun 8, 2018 at 5:37 PM Todd Lipcon <todd@cloudera.com> wrote:
>>
>> ...
>>
>> +1. Also briefly browsing the code I found suspicious commits like this
>> one:
>>
>>
>> 
>>https://github.com/baidu/palo/commit/6486be64c319fe0beb8c6b4430c1662de54f
>>182e
>>
>> ... in which a GPL license copyright by Oracle was "fixed" to be an
>>Apache
>> license copyright Baidu.
>>
>> So if this project does enter incubation I think we should be extra
>>careful
>> to audit the origins of all of the source code.
>>
>>
>>
>>

Mime
View raw message