ripple-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arzhan Kinzhalin <arz...@kinzhal.in>
Subject Re: [Vote] Ripple release 0.9.29
Date Wed, 20 May 2015 16:20:41 GMT
Just a brief update on the licensing issues detected. I've created two pull
requests:

1. Clean up credits to packages that are not distributed:

    https://github.com/apache/incubator-ripple/pull/57 -- already merged by
Tim.

2. There was an issue with OpenLayers license -- it did not correspond to
the version we're currently using. I've changed it, added corresponding
credits and updated the pointers to the repository/tag corresponding to
OpenLayers v2.12 (the one we're currently using).

    https://github.com/apache/incubator-ripple/pull/58 -- this is pending
review.

Hope this helps.

Thanks,
Arzhan

On Fri, May 15, 2015 at 2:22 AM, Tim Barham <Tim.Barham@microsoft.com>
wrote:

> > Tim, would that be alright by you?
>
> Yep, go for it. I was planning on doing it this morning, but I'm prepping
> for my trip to Redmond, so happy to let you take care of it.
> ________________________________________
> From: arzhan@kinzhalin.com <arzhan@kinzhalin.com> on behalf of Arzhan
> Kinzhalin <arzhan@kinzhal.in>
> Sent: Friday, May 15, 2015 11:47 AM
> To: dev@ripple.incubator.apache.org
> Subject: Re: [Vote] Ripple release 0.9.29
>
> Well, I didn't mean to pull back the release, but it's better it happens
> here than in a review. I can clean up the license file from the credits to
> the bits that are not actually redistributed and roll it over for review.
> Tim, would that be alright by you?
>
> On Thu, May 14, 2015 at 1:46 PM, Ross Gardler (MS OPEN TECH) <
> Ross.Gardler@microsoft.com> wrote:
>
> > Yes, incubator is very picky. Too damn picky in most cases (Arzhan, this
> > comment is in no way targeted at you, your thorough review here is
> entirely
> > appropriate and very helpful).
> >
> > We need fully correct IP management in order to graduate and remove the
> > incubator label. We do not need it to make an incubator release. An IPMC
> > release just needs to be good enough. Having a couple of license notices
> > that are not needed is hardly going to result in a significant legal
> issue
> > for anyone.
> >
> > At this point there is an unapproved release out there. We need to fix
> > that.
> >
> > Tim has worked hard on this. He's been slapped back a number of times and
> > each time he has taken the feedback and quietly done the work necessary.
> As
> > a mentor I want to get behind and support that excellent community
> spirit.
> >
> > As long as the issues raised get fixed in version control then I'm happy
> > to drive for this release as is (assuming nobody turns up a significant
> > issue).
> >
> > Sent from Surface
> >
> > From: grobmeier@apache.org<mailto:grobmeier@apache.org>
> > Sent: ‎Thursday‎, ‎May‎ ‎14‎, ‎2015 ‎3‎:‎28‎ ‎AM
> > To: dev@ripple.incubator.apache.org<mailto:
> dev@ripple.incubator.apache.org
> > >
> >
> > On Thu, May 14, 2015, at 03:12, Tim Barham wrote:
> > > Thanks for taking a look Arzhan (or do I call you Kai? :) )...
> > >
> > > > > * I manually verified all third party licenses in node_modules.
> > > >
> > > > node_modules are not included in the bundle.
> > >
> > > Yeah, it is intentional they are not included (and my manual
> verification
> > > was just to confirm all dependencies were released under licenses that
> > > are allowed as part of an Apache release).
> > >
> > > > LICENSE does not need to be include things like accounting and moment
> > > > which are not actually bundled
> > > > ...
> > > > Dependencies which are not included in the distribution MUST NOT be
> > added
> > > > to LICENSE and NOTICE
> > >
> > > Hmmm, yeah, I knew we didn't *need* those entries, but didn't know it
> was
> > > a MUST NOT scenario. This was a question I had asked previously and
> > > didn't get a definitive answer to (and I hadn't picked up on that
> > > particular bit of info on that page) :).
> > >
> > > Ross - do we have any flexibility on this as an incubator release, or
> do
> > > we need to remove them?
> >
> > Usually Incubator folks are *very* picky. Background is, the project
> > needs to learn to do releases the Apache way and so people will look
> > very closely at these kind of formalities. My answer would be "no, you
> > have even less flexibility because this is an incubator release".
> >
> > If possible, I would re-roll it.
> >
> > Usually people add something like -RC1 so we don't need to increase the
> > version number for each of these fixes - but thats up to the team.
> >
> > Thanks!
> > Christian
> >
> >
> >
> > > Thanks,
> > >
> > > Tim
> > >
> > > ________________________________________
> > > From: Arzhan Kinzhalin <arzhan@kinzhalin.com> on behalf of Arzhan
> > > Kinzhalin <arzhan@kinzhal.in>
> > > Sent: Thursday, May 14, 2015 10:59 AM
> > > To: dev@ripple.incubator.apache.org
> > > Subject: Re: [Vote] Ripple release 0.9.29
> > >
> > > For what it’s worth (no vote here), I did the following:
> > >
> > > > * I verified build works and tests all pass.
> > >
> > > Yes.
> > >
> > > > * I verified license headers with Apache RAT (via 'jake rat’).
> > >
> > > Yes.
> > >
> > > > * I manually verified all third party licenses in node_modules.
> > >
> > >
> > > node_modules are not included in the bundle.
> > >
> > > If this is intentional, then LICENSE does not need to be include things
> > > like accounting and moment which are not actually bundled, but just
> > > listed as dependencies in package.son. From
> > > http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bundled
> > > <http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bundled
> >
> > :
> > >
> > > Bundled vs. Non-bundled Dependencies
> > >
> > > LICENSE and NOTICE must always be tailored to the content of the
> specific
> > > distribution they reside within. Dependencies which are not included in
> > > the distribution MUST NOT be added to LICENSE and NOTICE. As far as
> > > LICENSE and NOTICE are concerned, only bundled bits matter.
> > >
> > > If the bundle should include node_modules, then there are slightly more
> > > dependencies which should be given credit to.
> > >
> > > I used this to find them (only production are installed using “npm
> > > install --production”):
> > >
> > > --> find . -type d -name node_modules -exec ls -1 {} \; | sort | uniq
> -c
> > >    1 accounting
> > >    1 async
> > >    1 buffer-crc32
> > >    1 bytes
> > >    1 colors
> > >    1 combined-stream
> > >    1 commander
> > >    1 connect
> > >    1 connect-xcors
> > >    1 cookie
> > >    1 cookie-signature
> > >    1 debug
> > >    1 delayed-stream
> > >    1 express
> > >    1 form-data
> > >    1 formidable
> > >    1 fresh
> > >    1 methods
> > >    2 mime
> > >    1 mkdirp
> > >    1 moment
> > >    1 ms
> > >    1 open
> > >    1 pause
> > >    1 qs
> > >    1 range-parser
> > >    1 request
> > >    1 send
> > >
> > > There 28 of them. Deep dependencies should be listed as well if they
> are
> > > included in the distribution. From
> > > http://www.apache.org/dev/licensing-howto.html#deps-of-deps
> > > <http://www.apache.org/dev/licensing-howto.html#deps-of-deps> :
> > >
> > > Dependencies of Dependencies
> > >
> > > Dependencies of dependencies (including so-called "transitive
> > > dependencies") are no different from first-order dependencies for the
> > > purposes of assembling LICENSE and NOTICE: LICENSE and NOTICE need only
> > > be modified to accommodate them if and only if their bits are bundled.
> > >
> > >
> > > Please let me know if I can help in any way to resolve this (if this
> > > needs a resolution).
> > >
> > > --
> > > // kai
> > >
> > > > On May 13, 2015, at 18:52, Tim Barham <Tim.Barham@microsoft.com>
> > wrote:
> > > >
> > > > [Once more, with feeling :) ]
> > > > ?
> > > > Please review and vote on the release of Ripple 0.9.29.
> > > >
> > > > The package you are voting on is available for review at
> > http://1drv.ms/1J7SY3v. It was published from its corresponding git tag:
> > > >      incubator-ripple: 0.9.29 (9737ec47f5)
> > > >
> > > > Since this will be an official Apache release of Ripple (another
> > attempt at our first official release!), we must be particularly careful
> > that it complies with all Apache guidelines for an incubator release. As
> > such, before voting +1, please refer to and verify compliance with the
> > checklist at
> > http://incubator.apache.org/guides/releasemanagement.html#check-list.
> > > >
> > > > If anyone has concerns that we don't meet any of these requirements,
> > please don't hesitate to raise them here so we can discuss and make
> changes
> > if necessary.
> > > >
> > > > If you do give a +1 vote, please include what steps you took in order
> > to be confident in the release.
> > > >
> > > > Please also note from Ross's recent email:
> > > >
> > > >> What we need is three +1 "binding" votes, in reality that means
> three
> > IPMC
> > > >> members. Once a project graduates it means three project management
> > committee
> > > >> members. However, as a mentor (therefore having a binding vote) I
> > look to the
> > > >> project participants to indicate their preference and (assuming no
> > blocking
> > > >> issues on an IP check) I'll always vote in support of the
> communities
> > non-
> > > >> binding votes.
> > > >
> > > > So please, even though your vote may not be binding, take some time
> to
> > review the release and vote!
> > > >
> > > > Upon a successful vote, we will arrange for the archive to be
> uploaded
> > to dist/incubator/ and publish it to NPM.
> > > >
> > > > I vote +1:
> > > > * I verified build works and tests all pass.
> > > > * I verified license headers with Apache RAT (via 'jake rat').
> > > > * I manually verified all third party licenses in node_modules.
> > > >
> > > > Thanks,
> > > >
> > > > Tim
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message