ripple-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Barham <Tim.Bar...@microsoft.com>
Subject RE: [Vote] Ripple release 0.9.29
Date Fri, 22 May 2015 17:09:17 GMT
Thanks for the updates, Arzhan. Sorry for the delay taking a look at this - have been focusing
on some other stuff.

-----Original Message-----
From: arzhan@kinzhalin.com [mailto:arzhan@kinzhalin.com] On Behalf Of Arzhan Kinzhalin
Sent: Wednesday, May 20, 2015 9:21 AM
To: dev@ripple.incubator.apache.org
Subject: Re: [Vote] Ripple release 0.9.29

Just a brief update on the licensing issues detected. I've created two pull
requests:

1. Clean up credits to packages that are not distributed:

    https://github.com/apache/incubator-ripple/pull/57 -- already merged by Tim.

2. There was an issue with OpenLayers license -- it did not correspond to the version we're
currently using. I've changed it, added corresponding credits and updated the pointers to
the repository/tag corresponding to OpenLayers v2.12 (the one we're currently using).

    https://github.com/apache/incubator-ripple/pull/58 -- this is pending review.

Hope this helps.

Thanks,
Arzhan

On Fri, May 15, 2015 at 2:22 AM, Tim Barham <Tim.Barham@microsoft.com>
wrote:

> > Tim, would that be alright by you?
>
> Yep, go for it. I was planning on doing it this morning, but I'm 
> prepping for my trip to Redmond, so happy to let you take care of it.
> ________________________________________
> From: arzhan@kinzhalin.com <arzhan@kinzhalin.com> on behalf of Arzhan 
> Kinzhalin <arzhan@kinzhal.in>
> Sent: Friday, May 15, 2015 11:47 AM
> To: dev@ripple.incubator.apache.org
> Subject: Re: [Vote] Ripple release 0.9.29
>
> Well, I didn't mean to pull back the release, but it's better it 
> happens here than in a review. I can clean up the license file from 
> the credits to the bits that are not actually redistributed and roll it over for review.
> Tim, would that be alright by you?
>
> On Thu, May 14, 2015 at 1:46 PM, Ross Gardler (MS OPEN TECH) < 
> Ross.Gardler@microsoft.com> wrote:
>
> > Yes, incubator is very picky. Too damn picky in most cases (Arzhan, 
> > this comment is in no way targeted at you, your thorough review here 
> > is
> entirely
> > appropriate and very helpful).
> >
> > We need fully correct IP management in order to graduate and remove 
> > the incubator label. We do not need it to make an incubator release. 
> > An IPMC release just needs to be good enough. Having a couple of 
> > license notices that are not needed is hardly going to result in a 
> > significant legal
> issue
> > for anyone.
> >
> > At this point there is an unapproved release out there. We need to 
> > fix that.
> >
> > Tim has worked hard on this. He's been slapped back a number of 
> > times and each time he has taken the feedback and quietly done the work necessary.
> As
> > a mentor I want to get behind and support that excellent community
> spirit.
> >
> > As long as the issues raised get fixed in version control then I'm 
> > happy to drive for this release as is (assuming nobody turns up a 
> > significant issue).
> >
> > Sent from Surface
> >
> > From: grobmeier@apache.org<mailto:grobmeier@apache.org>
> > Sent: ‎Thursday‎, ‎May‎ ‎14‎, ‎2015 ‎3‎:‎28‎ ‎AM
> > To: dev@ripple.incubator.apache.org<mailto:
> dev@ripple.incubator.apache.org
> > >
> >
> > On Thu, May 14, 2015, at 03:12, Tim Barham wrote:
> > > Thanks for taking a look Arzhan (or do I call you Kai? :) )...
> > >
> > > > > * I manually verified all third party licenses in node_modules.
> > > >
> > > > node_modules are not included in the bundle.
> > >
> > > Yeah, it is intentional they are not included (and my manual
> verification
> > > was just to confirm all dependencies were released under licenses 
> > > that are allowed as part of an Apache release).
> > >
> > > > LICENSE does not need to be include things like accounting and 
> > > > moment which are not actually bundled ...
> > > > Dependencies which are not included in the distribution MUST NOT 
> > > > be
> > added
> > > > to LICENSE and NOTICE
> > >
> > > Hmmm, yeah, I knew we didn't *need* those entries, but didn't know 
> > > it
> was
> > > a MUST NOT scenario. This was a question I had asked previously 
> > > and didn't get a definitive answer to (and I hadn't picked up on 
> > > that particular bit of info on that page) :).
> > >
> > > Ross - do we have any flexibility on this as an incubator release, 
> > > or
> do
> > > we need to remove them?
> >
> > Usually Incubator folks are *very* picky. Background is, the project 
> > needs to learn to do releases the Apache way and so people will look 
> > very closely at these kind of formalities. My answer would be "no, 
> > you have even less flexibility because this is an incubator release".
> >
> > If possible, I would re-roll it.
> >
> > Usually people add something like -RC1 so we don't need to increase 
> > the version number for each of these fixes - but thats up to the team.
> >
> > Thanks!
> > Christian
> >
> >
> >
> > > Thanks,
> > >
> > > Tim
> > >
> > > ________________________________________
> > > From: Arzhan Kinzhalin <arzhan@kinzhalin.com> on behalf of Arzhan 
> > > Kinzhalin <arzhan@kinzhal.in>
> > > Sent: Thursday, May 14, 2015 10:59 AM
> > > To: dev@ripple.incubator.apache.org
> > > Subject: Re: [Vote] Ripple release 0.9.29
> > >
> > > For what it’s worth (no vote here), I did the following:
> > >
> > > > * I verified build works and tests all pass.
> > >
> > > Yes.
> > >
> > > > * I verified license headers with Apache RAT (via 'jake rat’).
> > >
> > > Yes.
> > >
> > > > * I manually verified all third party licenses in node_modules.
> > >
> > >
> > > node_modules are not included in the bundle.
> > >
> > > If this is intentional, then LICENSE does not need to be include 
> > > things like accounting and moment which are not actually bundled, 
> > > but just listed as dependencies in package.son. From 
> > > http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bund
> > > led 
> > > <http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bun
> > > dled
> >
> > :
> > >
> > > Bundled vs. Non-bundled Dependencies
> > >
> > > LICENSE and NOTICE must always be tailored to the content of the
> specific
> > > distribution they reside within. Dependencies which are not 
> > > included in the distribution MUST NOT be added to LICENSE and 
> > > NOTICE. As far as LICENSE and NOTICE are concerned, only bundled bits matter.
> > >
> > > If the bundle should include node_modules, then there are slightly 
> > > more dependencies which should be given credit to.
> > >
> > > I used this to find them (only production are installed using “npm 
> > > install --production”):
> > >
> > > --> find . -type d -name node_modules -exec ls -1 {} \; | sort | 
> > > --> uniq
> -c
> > >    1 accounting
> > >    1 async
> > >    1 buffer-crc32
> > >    1 bytes
> > >    1 colors
> > >    1 combined-stream
> > >    1 commander
> > >    1 connect
> > >    1 connect-xcors
> > >    1 cookie
> > >    1 cookie-signature
> > >    1 debug
> > >    1 delayed-stream
> > >    1 express
> > >    1 form-data
> > >    1 formidable
> > >    1 fresh
> > >    1 methods
> > >    2 mime
> > >    1 mkdirp
> > >    1 moment
> > >    1 ms
> > >    1 open
> > >    1 pause
> > >    1 qs
> > >    1 range-parser
> > >    1 request
> > >    1 send
> > >
> > > There 28 of them. Deep dependencies should be listed as well if 
> > > they
> are
> > > included in the distribution. From 
> > > http://www.apache.org/dev/licensing-howto.html#deps-of-deps
> > > <http://www.apache.org/dev/licensing-howto.html#deps-of-deps> :
> > >
> > > Dependencies of Dependencies
> > >
> > > Dependencies of dependencies (including so-called "transitive
> > > dependencies") are no different from first-order dependencies for 
> > > the purposes of assembling LICENSE and NOTICE: LICENSE and NOTICE 
> > > need only be modified to accommodate them if and only if their bits are bundled.
> > >
> > >
> > > Please let me know if I can help in any way to resolve this (if 
> > > this needs a resolution).
> > >
> > > --
> > > // kai
> > >
> > > > On May 13, 2015, at 18:52, Tim Barham <Tim.Barham@microsoft.com>
> > wrote:
> > > >
> > > > [Once more, with feeling :) ]
> > > > ?
> > > > Please review and vote on the release of Ripple 0.9.29.
> > > >
> > > > The package you are voting on is available for review at
> > http://1drv.ms/1J7SY3v. It was published from its corresponding git tag:
> > > >      incubator-ripple: 0.9.29 (9737ec47f5)
> > > >
> > > > Since this will be an official Apache release of Ripple (another
> > attempt at our first official release!), we must be particularly 
> > careful that it complies with all Apache guidelines for an incubator 
> > release. As such, before voting +1, please refer to and verify 
> > compliance with the checklist at 
> > http://incubator.apache.org/guides/releasemanagement.html#check-list.
> > > >
> > > > If anyone has concerns that we don't meet any of these 
> > > > requirements,
> > please don't hesitate to raise them here so we can discuss and make
> changes
> > if necessary.
> > > >
> > > > If you do give a +1 vote, please include what steps you took in 
> > > > order
> > to be confident in the release.
> > > >
> > > > Please also note from Ross's recent email:
> > > >
> > > >> What we need is three +1 "binding" votes, in reality that means
> three
> > IPMC
> > > >> members. Once a project graduates it means three project 
> > > >> management
> > committee
> > > >> members. However, as a mentor (therefore having a binding vote) 
> > > >> I
> > look to the
> > > >> project participants to indicate their preference and (assuming 
> > > >> no
> > blocking
> > > >> issues on an IP check) I'll always vote in support of the
> communities
> > non-
> > > >> binding votes.
> > > >
> > > > So please, even though your vote may not be binding, take some 
> > > > time
> to
> > review the release and vote!
> > > >
> > > > Upon a successful vote, we will arrange for the archive to be
> uploaded
> > to dist/incubator/ and publish it to NPM.
> > > >
> > > > I vote +1:
> > > > * I verified build works and tests all pass.
> > > > * I verified license headers with Apache RAT (via 'jake rat').
> > > > * I manually verified all third party licenses in node_modules.
> > > >
> > > > Thanks,
> > > >
> > > > Tim
> > >
> >
>
Mime
View raw message