incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Mclean <>
Subject Re: [VOTE] Release Apache Unomi 1.0.0-incubating (take 4)
Date Tue, 16 Feb 2016 06:10:32 GMT

+1 binding

I checked:
- incubating in file name
- hashes and signatures good
- Source LICENSE good (although the short form of the license is prefered) [1]
- Source NOICE has a little bit of extra info in it - there's no need to mention MIT software
- No unexpected binary files in source release
- All source files have Apache headers
- Unable to compile from source

I got this error when compiling - looks like a path may be wrong:
[INFO] Apache Unomi :: Distribution Package ............... FAILURE [  0.568 s]
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-antrun-plugin:1.7:run (copy-karaf)
on project unomi: An Ant BuildException has occured: /Users/justinmclean/Downloads/ApacheUnomi/unomi-1.0.0-incubating/package/target/assembly/elasticsearch-1.6.2/lib/sigar
does not exist.

Everything else compiled fine it just looks like creating the distribution package failed,
I’m assuming this is not a big issue.

I think the path should be??

You may want to fix header on this file [2].

Also can you please place the binaries in the correct place, this was raised as an issue for
the last release candidate.

Now for the binary convenience release, sorry this is long, but I think a bit more work need
to be done here.

The LICENSE file:
- Boiler place Apache license should be at the top often file
- Please use short form of the licenses
- It not clear what is licensed under the CDDL or GPL licenses
- GPLv2 is considered a category X license and should not be bundled with Apache software.
Why is this here?
- Is missing a large number of licences that require being put in LICENSE

For what I could find GPL software bundled includes woodstock [4], code model [5] and tanuki
software java service wrapper [12] . Is there other bundled GPL software? Is the GPL issue
known about and is the intent to replace that software? If this wasn’t know you may want
to discuss and consider only releasing the source release.

License should contain:
- non ASF licensed software including bndlib, Jackson core, jackson databind, Jackson annotations,
Fast Infoset Standard for Binary XML, ehcache, jettison, elastic search, jansi, sigar (was
GPL may need to double check), jledit, Joda-Time, Fast Infoset Project, OpenWS, several ops4j
projects, osgi jmx, slf4j, spring framework, SnakeYAML, Spatial4j, Quality Check, UAdetector,
GeoIP2, Google HTTP Client Library For Java, MaxMind DB, mvel2
- CPL license wsdl4j
- CDDL JAXB Binding Compiler, JAXB Runtime module
- dual license CDDL/GPL code model, sun el [6], stack commons, Java mail [7],  SOAP with Attachments
API for Java [8], TXW2 Runtime [9], XSOM,
- BSD licensed Jline, Stax2, knopflerfish, ASM, RelaxngDatatype, StringTemplate 4
- public domain AOP Alliance, SAX
- EPL Eclipses’s aether, eclipse core runtime, equinox, java development tools core
- EPL/Apache dual licensed Jetty (may actually be a mix of CDDL, EPL and GPL)
- dual licensed(?) EPL/Apache hawtjni
- MIT licensed RELAX NG Object Model / Parser
- MPL licensed Rhino, juniversalchardet
- W3C dom
- licenses from Sigar notice file
- Apache 1.1 license Apache Avalon , Apache Xalan
- double check what included from Apache CXF [13]
- double check what’s included from Apache Felix (no LICENSE/NOTICE in github mirror)
- include what is in Apache Karaf license file (if bundled)
- MPL license software form Apache Servicemix notice file
- double check what’s been bundled from Apache Xerces (no LICENSE/NOTICE in github mirror)

The the dual license CDDL/GPL can be treated as GPL if you don’t specify the license choice.
(see links below) You probably need to put this in the NOTICE file.

Sigar's license may be an issue as while it’s Apache licensed it also includes further restrictions
"You acknowledge that Software is not designed, licensed or intended for use in
the design, construction, operation or maintenance of any nuclear facility
("High Risk Activities"). “

I did this fairly quickly and will have missed a few things, you just need to look at the
jars you are including and what is inside them.  I notice some bundled jars also
contain jars so you’ll need to look in those as well. I may of got the versions wrong and
different versions could be licensed under different licenses.

The NOTICE file:
- No need to list MIT or BSD or Apace licensed in NOTICE
- No need to include everything from the sigar NOTICE probably only the copyright line is
needed but not 100% sure
- No need to list copyright for, org.apache.openwebbeans, HttpCore,
org.apache.sshd, org.apache.servicemix.bundles, commons-lang, org.apache.karaf.features, org.apache.mina,
org.apache.karaf.kar, org.apache.karaf.jaas, org.apache.karaf.bundle, org.apache.karaf.deployer,
org.apache.aries etc etc etc
- No need for extra "This product includes software developed by the ASF”
- Any non ASF Apache license software copyright should be in LICENSE not NOTICE
- Notice for opensaml looks incorrect [3]?
- Even with the amount of bundled software here I expect the NOTICE file to be closer to 100
lines rather than the 1000 lines it is

Notice files I saw that IMO may effect NOTICE include:
Apache Santuario, Jetty, Sigar, Apache Avalon, Apache Commons Codec, Apache Felix, Apache
Geronimo, Apache Karaf, Apache Neethi, Apache Xalan, Apache Xerces

Also note the dual CDDL/GPL license info mention above.


1. <>
2. ./samples/tweet-button-plugin/src/main/resources/OSGI-INF/blueprint/blueprint.xml
3. <>
6. <>
(Notice this would effect the NOTICE file)
7. <>
(would also effect notice)
(same here)
9 . <>
(same here)
10 <>
11. <>
12. <>
13. <>
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message