incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John D. Ament" <johndam...@apache.org>
Subject Re: [VOTE] HAWQ 2.0.0-beta-incubating RC4
Date Thu, 04 Feb 2016 03:00:01 GMT
So should we cancel this vote and wait for a new RC?

On Wed, Feb 3, 2016 at 9:56 PM Roman Shaposhnik <roman@shaposhnik.org>
wrote:

> Justin,
>
> once again -- thank you so much for your diligent reviews! Wrt.
> NOTICE/LICENSE files
> can you please take a look at this and see if that's acceptable:
>    https://github.com/rvs/incubator-hawq/blob/master/LICENSE
>    https://github.com/rvs/incubator-hawq/blob/master/NOTICE
>
> Wrt. crypto code -- you ended up being absolutely right and apologize
> for the confusion.
> The only thing I can say in my defense is that I got double tripped up by:
>      http://www.apache.org/dev/crypto.html#faq-previouslyexported
>
> http://www.postgresql.org/message-id/CAN1EF+z1B1ecxQ1GYudFo8WBp5+6mfKCQQGu_xVTNzuak9h_oA@mail.gmail.com
>
> At any rate, we're removing the crypto code:
>      https://issues.apache.org/jira/browse/HAWQ-394
>
> Hopefully this will take care of your concerns.
>
> Thanks,
> Roman.
>
> On Wed, Jan 27, 2016 at 5:12 AM, Justin Mclean <justinmclean@me.com>
> wrote:
> > Hi,
> >
> >> I think this section of NOTICE is simply not worded well enough.
> >
> > No problem, if it is not bundled it should be removed, if the wording is
> wrong it should be fixed.
> >
> >> Not it doesn’t.
> >
> > You might want to double check the files in here:
> > ./contrib/pgcrypto
> > ./src/interfaces/libpq
> >
> > Just do a quick search for SSL for instance. Or take a look a
> contrib/pgcrypto/crypt-blowfish.c it says "This code comes from John the
> Ripper password cracker, with reentrant and crypt(3) interfaces added,” and
> that looks to be GPL software or I think public domain?  I’d expect that to
> be in the LICENSE file. [1] I haven’t looked at everything in detail but
> there enough for concern and IMO it needs to be double checked.
> >
> > Exactly what is covered by "cryptographic functions” I’m not entirely
> sure. Do we have somewhere where that is spelt out? For instance is MD5
> included in that? (see ./contrib/pgcrypto/crypt-md5.c,
> ./contrib/pgcrypto/md5.c, ./src/backend/libpq/md5.c) or DES
> (./contrib/pgcrypto/crypt-des.c) or SHA2 (./contrib/pgcrypto/sha2.c) or
> blowfish mentioned above? (and those are not the only files)
> >
> >> Apache License  -- no sure what you mean here -- I think we're simply
> >> bubbling up the dependencies NOTICEs. Why is that wrong?
> >
> > Bubbling up NOTICEs is correct but AFAICS you’re not doing that.
> >
> >> Not sure what do you want us to do to handle that case.
> >
> > Fix the paths or remove it if it's no longer the case would be best I
> think.
> >
> > Thanks,
> > Justin
> >
> > 1. http://www.openwall.com/john/doc/LICENSE.shtml
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> > For additional commands, e-mail: general-help@incubator.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message