ripple-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Barham <Tim.Bar...@microsoft.com>
Subject Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28
Date Mon, 20 Apr 2015 22:30:25 GMT
Christian - I reviewed other Apache projects, and they all included 3rd party license headers
in the LICENSE file.

Regarding the NOTICE file - we do have that, and I believe it contains the correct text, and
I couldn't find any other NOTICE files in dependencies to add to it.

________________________________________
From: Christian Grobmeier <grobmeier@apache.org>
Sent: Friday, April 17, 2015 7:37 PM
To: dev@ripple.incubator.apache.org
Subject: Re: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Hi,

I just run Rat and then found this thread.

> Here are the items (I've indicated the ones I know to be policy with '*',
> the others are practices that I commonly see and encourage but I'm not
> certain they are policy):
>
>   - The LICENSE file should contain the full license of all dependencies
>   * (have clearly stated and linked to licenses when not including the
>   full text)

Are you sure with that? I thought the LICENSE contains our license,
while we note the other licenses in the NOTICE file. Didn't find proof
for my ideas yet.


>   - Where a dependency is available to us under multiple licenses we
>   should state that we are using it under the most permissive license
>   available.

This link is interesting, as it says in the case of jQuery we chose MIT.
https://www.apache.org/legal/resolved.html#category-x
A good think to note int he NOTICE file, see below.

>
>   - The NOTICE file is incomplete, it does not contain references to (for
>   example) dependencies under the Apache Software license which (as per
>   clause 4d) requires mention in the NOTICE * (I have not looked to see
>   if the dependencies have a NOTICE file, if they do not then there is
>   nothing to do here)

I have seen a few people complain much about the NOTICE file. Basically
I would prefer to have that around before moving to the incubator, as it
surely comes up.

Not sure if thats a policy, it reads to me as we should have it:
http://apache.org/legal/src-headers.html#notice

>
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Monday, April 6, 2015 8:03 AM
> To: dev@ripple.incubator.apache.org
> Subject: Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Thanks for that info, Ross. Based on that, I'll create a new vote thread
> in the morning referencing the updated package I mentioned below.
>
> Also, I'll add some tools to jake so anyone can run RAT easily (with the
> known exceptions) to validate future releases.
>
> Thanks!
>
> Tim
> ________________________________________
> From: Ross Gardler (MS OPEN TECH) <Ross.Gardler@microsoft.com>
> Sent: Friday, April 3, 2015 7:41 AM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> With respect to the license headers - they all look fine. Go ahead and
> add those files as exceptions in the RAT configuration so that it passes.
>
> Ross
>
>
>
> -----Original Message-----
> From: Parashuram N (MS OPEN TECH) [mailto:panarasi@microsoft.com]
> Sent: Thursday, April 2, 2015 2:12 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Hi Tim,
>
> I have not looked at this yet. Do we want to bump it up ?
>
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Tuesday, March 31, 2015 6:49 AM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Hi, I just wanted to follow up on this. Has anyone had a chance to look
> at the new package? Also, Ross, I was wondering if you had any feedback
> on the various license headers reported by RAT?
>
> Thanks!
>
> Tim
>
> ________________________________________
> From: Tim Barham [Tim.Barham@microsoft.com]
> Sent: Thursday, March 19, 2015 6:15 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Further update:
>
> 1. I've built a new archive that doesn't contain the pkg folder (which is
> the build output), and contains everything else (that was missing in the
> previous archive). This archive was create using 'git archive', so it
> contains all files in our git repository as of tag 0.9.28. Per your point
> Ross that none of the issues should block this release (I verified that
> ripple.js is ok, and also it is not included in the new package since it
> is an output of the build process), I've not made any changes to the
> source.
>
> The new archive can be found here: http://1drv.ms/1BAKsBJ
>
> 2. I ran RAT, and it complained about the following files:
>
>   ./assets/client/themes/dark/theme.css
>   ./assets/client/themes/light/theme.css
>   ./targets/chrome.extension/controllers/jquery.js
>   ./thirdparty/3d.js
>   ./thirdparty/Math.uuid.js
>   ./thirdparty/draw.js
>   ./thirdparty/jXHR.js
>   ./thirdparty/jquery.js
>   ./thirdparty/jquery.tooltip.js
>   ./thirdparty/jquery.ui.js
>
> The various jquery files are, of course, jquery and have headers along
> the lines of:
>
>     /*!
>      * jQuery JavaScript Library v1.6
>      * http://jquery.com/
>      *
>      * Copyright 2011, John Resig
>      * licensed under the MIT
>      * http://jquery.org/license
>      *
>      * Includes Sizzle.js
>      * http://sizzlejs.com/
>      * Copyright 2011, The Dojo Foundation
>      * Released under the MIT, BSD, and GPL Licenses.
>      *
>      * Date: Mon May 2 13:50:00 2011 -0400
>      */
>
> The two theme.css files were built by the jQuery UI CSS Framework, and
> have the following license headers:
>
> /*
> * jQuery UI CSS Framework
> * Copyright (c) 2010 AUTHORS.txt (http://jqueryui.com/about)
> * Dual licensed under the MIT (MIT-LICENSE.txt) and GPL (GPL-LICENSE.txt)
> licenses.
> */
>
> Math.uuid.js and jXHR.js license headers reference the MIT and/or GPL
> licenses.
>
> Math.uuid.js:
>
> /*!
> Math.uuid.js (v1.4)
> http://www.broofa.com
> mailto:robert@broofa.com
>
> Copyright (c) 2010 Robert Kieffer
> Dual licensed under the MIT and GPL licenses.
> */
>
> jXHR.js:
>
> // jXHR.js (JSON-P XHR)
> // v0.1 (c) Kyle Simpson
> // MIT License
>
> The two utilities 3d.js and draw.js don't mention specific licenses, but
> that 'Redistribution and use in source and binary forms, with or without
> modification, are permitted provided that the following conditions are
> met:" - those conditions being that the copyright notice is included and
> some other conditions that we meet.
>
> Anything we need to be concerned about here?
>
> Thanks,
>
> Tim
>
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Wednesday, March 18, 2015 7:18 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Thanks hugely for your input, Ross.
>
> I just wanted to give an update on where I'm at with this - a while back
> I started writing some tools to automate some of the packaging stuff
> (building and signing archives, and some release verification tools based
> on those used for Cordova). I had put them on the backburner, but decided
> to revisit them - specifically move them Ripple's existing jake tools,
> and add some logic to make it easier to create a package appropriate for
> either for Apache archives or for npm. I hoped to have that wrapped up
> today, and build and send out a new archive (that included some source
> folders that are missing in the current archive, and excluded the pkg
> folder), but I'm not quite there. In order to facilitate moving forward
> I'll probably just build a new package in the morning rather than waiting
> until I have these tools integrated with the existing jake build tools.
>
> Regarding RAT - yeah, I ran that at one point early on. I'll run it again
> tomorrow to verify the results.
>
> Thanks,
>
> Tim
>
> -----Original Message-----
> From: Ross Gardler (MS OPEN TECH) [mailto:Ross.Gardler@microsoft.com]
> Sent: Tuesday, March 17, 2015 3:40 AM
> To: dev@ripple.incubator.apache.org
> Subject: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28
>
> Tim, thank you again for making this happen.
>
> Generally it's good practice to post a [DISCUSS] thread before calling
> the vote. The Vote should usually be called when it's clear there are no
> blocking issues (some projects like to post [DISCUSS} and [VOTE] threads
> at the same time (hence my subject change here).
>
> I don't see any of the issues below as blocking for this release (unless
> an empty js file is a technical issue). Incubating projects are given
> more slack than top level projects. They need to be fixed in version
> control so the next release doesn't have the problem, but no need to
> re-roll this release in my opinion.
>
> Was RAT run against this codebase? http://creadur.apache.org/rat/
>
> Thanks,
> Ross
>
> -----Original Message-----
> From: Christian Grobmeier [mailto:grobmeier@apache.org]
> Sent: Friday, March 13, 2015 12:16 AM
> To: dev@ripple.incubator.apache.org
> Subject: Re: [VOTE] Ripple release 0.9.28
>
> I found the following issues:
>
> NOTICE -> 2012 :)
>
> pkg/hosted/ripple.js appears to be empty. Is that correct?
>
> pkg/hosted do not have license headers. It looks like this would
> generated code, which is uploaded to somewhere? In Java-terms it would be
> similar to a binary artifact, which also do not have headers. This might
> come up as an issue. At Apache we are releasing source code first,
> everything else is just nice. The best and easiest thing would be to just
> add the header (automatically) to that files. Are there any options?
>
> /assets/server/images/NOTICE: its in a folder where only the logo
> remains. Is the location intended?
> I see a lot of images in /pkg/hosted/images, but no NOTICE there Maybe
> the included message should just go to the global NOTICE file?
>
> Thanks, i feel we are close :)
>
> Christian
>
> --
>   Christian Grobmeier
>   http://www.grobmeier.de
>   http://www.timeandbill.de
>
> On Tue, Mar 10, 2015, at 15:14, Tim Barham wrote:
> > Please review and vote on the release of Ripple 0.9.28.
> >
> > The package you are voting on is available for review at
> > http://bit.ly/1FZ8meZ. It was published from its corresponding git tag:
> >     incubator-ripple: 0.9.28 (1d95fed542)
> >
> > Since this will be an official Apache release of Ripple (our first!),
> > we must be particularly careful that it complies with all Apache
> > guidelines for an incubator release. As such, before voting +1, please
> > refer to and verify compliance with the checklist at
> > http://incubator.apache.org/guides/releasemanagement.html#check-list.
> >
> > If anyone has concerns that we don't meet any of these requirements,
> > please don't hesitate to raise them here so we can discuss and make
> > changes if necessary.
> >
> > If you do give a +1 vote, please include what steps you took in order
> > to be confident in the release.
> >
> > Please also note from Ross's recent email:
> >
> > > What we need is three +1 "binding" votes, in reality that means
> > > three IPMC members. Once a project graduates it means three project
> > > management committee members. However, as a mentor (therefore having
> > > a binding vote) I look to the project participants to indicate their
> > > preference and (assuming no blocking issues on an IP check) I'll
> > > always vote in support of the communities non- binding votes.
> >
> > So please, even though your vote may not be binding, take some time to
> > review the release and vote!
> >
> > Upon a successful vote, we will arrange for the archive to be uploaded
> > to dist/incubator/ and publish it to NPM.
> >
> > Thanks, and looking forward to our first official Ripple release!
> >
> > Tim

Mime
View raw message