ripple-dev mailing list archives

From "Ross Gardler (MS OPEN TECH)" <Ross.Gard...@microsoft.com>
Subject Re: [Vote] Ripple release 0.9.29
Date Thu, 14 May 2015 16:46:51 GMT
Yes, incubator is very picky. Too damn picky in most cases (Arzhan, this comment is in no way
targeted at you, your thorough review here is entirely appropriate and very helpful).

We need fully correct IP management in order to graduate and remove the incubator label. We
do not need it to make an incubator release. An IPMC release just needs to be good enough.
Having a couple of license notices that are not needed is hardly going to result in a significant
legal issue for anyone.

At this point there is an unapproved release out there. We need to fix that.

Tim has worked hard on this. He's been slapped back a number of times and each time he has
taken the feedback and quietly done the work necessary. As a mentor I want to get behind and
support that excellent community spirit.

As long as the issues raised get fixed in version control then I'm happy to drive for this
release as is (assuming nobody turns up a significant issue).

Sent from Surface

From: grobmeier@apache.org
Sent: Thursday, May 14, 2015 3:28 AM
To: dev@ripple.incubator.apache.org

On Thu, May 14, 2015, at 03:12, Tim Barham wrote:
> Thanks for taking a look Arzhan (or do I call you Kai? :) )...
>
> > > * I manually verified all third party licenses in node_modules.
> >
> > node_modules are not included in the bundle.
>
> Yeah, it is intentional they are not included (and my manual verification
> was just to confirm all dependencies were released under licenses that
> are allowed as part of an Apache release).
>
> > LICENSE does not need to include things like accounting and moment
> > which are not actually bundled
> > ...
> > Dependencies which are not included in the distribution MUST NOT be added
> > to LICENSE and NOTICE
>
> Hmmm, yeah, I knew we didn't *need* those entries, but didn't know it was
> a MUST NOT scenario. This was a question I had asked previously and
> didn't get a definitive answer to (and I hadn't picked up on that
> particular bit of info on that page) :).
>
> Ross - do we have any flexibility on this as an incubator release, or do
> we need to remove them?

Usually Incubator folks are *very* picky. Background is, the project
needs to learn to do releases the Apache way and so people will look
very closely at these kinds of formalities. My answer would be "no, you
have even less flexibility because this is an incubator release".

If possible, I would re-roll it.

Usually people add something like -RC1 so we don't need to increase the
version number for each of these fixes - but that's up to the team.

Thanks!
Christian



> Thanks,
>
> Tim
>
> ________________________________________
> From: Arzhan Kinzhalin <arzhan@kinzhalin.com> on behalf of Arzhan
> Kinzhalin <arzhan@kinzhal.in>
> Sent: Thursday, May 14, 2015 10:59 AM
> To: dev@ripple.incubator.apache.org
> Subject: Re: [Vote] Ripple release 0.9.29
>
> For what it’s worth (no vote here), I did the following:
>
> > * I verified build works and tests all pass.
>
> Yes.
>
> > * I verified license headers with Apache RAT (via 'jake rat').
>
> Yes.
>
> > * I manually verified all third party licenses in node_modules.
>
>
> node_modules are not included in the bundle.
>
> If this is intentional, then LICENSE does not need to include things
> like accounting and moment which are not actually bundled, but just
> listed as dependencies in package.json. From
> http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bundled :
>
> Bundled vs. Non-bundled Dependencies
>
> LICENSE and NOTICE must always be tailored to the content of the specific
> distribution they reside within. Dependencies which are not included in
> the distribution MUST NOT be added to LICENSE and NOTICE. As far as
> LICENSE and NOTICE are concerned, only bundled bits matter.
>
> If the bundle should include node_modules, then there are slightly more
> dependencies which should be given credit to.
>
> I used this to find them (only production are installed using “npm
> install --production”):
>
> --> find . -type d -name node_modules -exec ls -1 {} \; | sort | uniq -c
>    1 accounting
>    1 async
>    1 buffer-crc32
>    1 bytes
>    1 colors
>    1 combined-stream
>    1 commander
>    1 connect
>    1 connect-xcors
>    1 cookie
>    1 cookie-signature
>    1 debug
>    1 delayed-stream
>    1 express
>    1 form-data
>    1 formidable
>    1 fresh
>    1 methods
>    2 mime
>    1 mkdirp
>    1 moment
>    1 ms
>    1 open
>    1 pause
>    1 qs
>    1 range-parser
>    1 request
>    1 send
>
> There are 28 of them. Deep dependencies should be listed as well if they are
> included in the distribution. From
> http://www.apache.org/dev/licensing-howto.html#deps-of-deps :
>
> Dependencies of Dependencies
>
> Dependencies of dependencies (including so-called "transitive
> dependencies") are no different from first-order dependencies for the
> purposes of assembling LICENSE and NOTICE: LICENSE and NOTICE need only
> be modified to accommodate them if and only if their bits are bundled.
>
>
> Please let me know if I can help in any way to resolve this (if this
> needs a resolution).
>
> --
> // kai
>
> > On May 13, 2015, at 18:52, Tim Barham <Tim.Barham@microsoft.com> wrote:
> >
> > [Once more, with feeling :) ]
> >
> > Please review and vote on the release of Ripple 0.9.29.
> >
> > The package you are voting on is available for review at http://1drv.ms/1J7SY3v.
> > It was published from its corresponding git tag:
> >      incubator-ripple: 0.9.29 (9737ec47f5)
> >
> > Since this will be an official Apache release of Ripple (another attempt at our
> > first official release!), we must be particularly careful that it complies with all Apache
> > guidelines for an incubator release. As such, before voting +1, please refer to and verify
> > compliance with the checklist at http://incubator.apache.org/guides/releasemanagement.html#check-list.
> >
> > If anyone has concerns that we don't meet any of these requirements, please don't
> > hesitate to raise them here so we can discuss and make changes if necessary.
> >
> > If you do give a +1 vote, please include what steps you took in order to be confident
> > in the release.
> >
> > Please also note from Ross's recent email:
> >
> >> What we need is three +1 "binding" votes, in reality that means three IPMC
> >> members. Once a project graduates it means three project management committee
> >> members. However, as a mentor (therefore having a binding vote) I look to the
> >> project participants to indicate their preference and (assuming no blocking
> >> issues on an IP check) I'll always vote in support of the community's
> >> non-binding votes.
> >
> > So please, even though your vote may not be binding, take some time to review the
> > release and vote!
> >
> > Upon a successful vote, we will arrange for the archive to be uploaded to dist/incubator/
> > and publish it to NPM.
> >
> > I vote +1:
> > * I verified build works and tests all pass.
> > * I verified license headers with Apache RAT (via 'jake rat').
> > * I manually verified all third party licenses in node_modules.
> >
> > Thanks,
> >
> > Tim
>
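
An added example, not part of the original thread or of the Ripple project's code: the `find` listing quoted above, turned into a check that flags LICENSE entries for dependencies that are not bundled in the distribution. The function names, the one-name-per-line dependency input and the sample LICENSE text are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: names and sample data below are constructed, not taken
# from the Ripple release.

# Print the unique package names found in every node_modules directory under
# the unpacked distribution $1 (nested ones included, as in the thread's find).
bundled_modules() {
    find "$1" -type d -name node_modules -exec ls -1 {} \; | sort -u
}

# Read dependency names (one per line) on stdin and print those that the
# LICENSE file $2 mentions although they are not bundled under $1.
# Matching is a case-insensitive whole-word search, so treat hits as
# candidates for manual review rather than a verdict.
unbundled_in_license() {
    bundled=$(bundled_modules "$1")
    while IFS= read -r dep; do
        [ -n "$dep" ] || continue
        if grep -qiwF -- "$dep" "$2" &&
           ! printf '%s\n' "$bundled" | grep -qxF -- "$dep"; then
            printf '%s\n' "$dep"
        fi
    done
}

# Constructed sample: a source-only bundle whose LICENSE still credits
# two packages that are only declared as dependencies.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/dist/lib"
    printf 'Apache License 2.0\n\naccounting: MIT\nmoment: MIT\n' > "$tmp/dist/LICENSE"
    printf 'accounting\nmoment\nexpress\n' |
        unbundled_in_license "$tmp/dist" "$tmp/dist/LICENSE"
    rm -rf "$tmp"
}

demo
```

Scoped packages (directories starting with `@`) appear only by their scope name in this listing and would need a second level of `ls` to enumerate.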
