ripple-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ross Gardler (MS OPEN TECH)" <Ross.Gard...@microsoft.com>
Subject RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28
Date Tue, 28 Apr 2015 14:33:38 GMT
For it. Thanks for finding the real use. So, we should link to the specific revision we are
using, to show it is taken under the as Apache license and we'll be good.

Thanks for your diligence. The first release of always the hardest.

Sent from my Windows Phone
________________________________
From: Tim Barham<mailto:Tim.Barham@microsoft.com>
Sent: ‎4/‎27/‎2015 8:20 PM
To: dev@ripple.incubator.apache.org<mailto:dev@ripple.incubator.apache.org>
Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Ross - right, that webworks.core/2.0.0/XMLHttpRequest.js file is, as you noted, original to
Ripple - it's not related to the code referred to by the license text (other than the name,
of course, which confuses things :) ).

The code in question is included (in compressed form) in OpenLayers.js (https://github.com/apache/incubator-ripple/blob/master/thirdparty/OpenLayers.js).
See lines 17 to 24 for the license text that was copied to the LICENSE file. The actual code
starts on line 745 (with 'var f=window.XMLHttpRequest...'). So it is, essentially, a dependency
of a dependency. The license text was just copied from OpenLayers.js and inserted into our
LICENSE file.

Regarding packages under node_modules - they're all MIT license except cssmin and semver (BSD
license) and request (Apache 2.0 license).

Thanks,

Tim

-----Original Message-----
From: Ross Gardler (MS OPEN TECH) [mailto:Ross.Gardler@microsoft.com]
Sent: Tuesday, April 28, 2015 12:16 PM
To: dev@ripple.incubator.apache.org
Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

For xmlhttprequest are you sure that the code in use is from the referenced project? I'm looking
at https://github.com/apache/incubator-ripple/blob/e4b618fae11d4e3da294c33aaef5b0af381bc6ec/lib/client/platform/webworks.core/2.0.0/XMLHttpRequest.js
and see very little relationship with http://code.google.com/p/xmlhttprequest/source/browse/trunk/source/XMLHttpRequest.js?r=29
(the version before the move to LGPL). I'm also concerned that if this is from the Google
project the license header has been changed and thus the copyright information has been removed
- we can't do that.

However, looking at the history of this file it was brought in with the original code from
RIM and thus looks like it is their copyright. Furthermore, I kind find any obvious code that
is from the Google Code project. It looks to me like it doesn't exist in the Ripple code base

However, we do have code from the google project then I'd suggest you link to the specific
version that you are using, e.g. http://code.google.com/p/xmlhttprequest/source/browse/trunk/source/XMLHttpRequest.js?r=29
(this isn't

With respect to code brought in by NPM. I'm not certain of the answer there. In theory we
are only releasing the code as source and thus we would not need to include these licenses.
If, however, any dependencies brought in are under incompatible licenses that can cause problems.
If they are all under compatible licenses you are good to go (without them in the LICENCE
file), otherwise we probably ought to seek advice from legal-discuss.

Ross

-----Original Message-----
From: Tim Barham [mailto:Tim.Barham@microsoft.com]
Sent: Monday, April 20, 2015 3:40 PM
To: dev@ripple.incubator.apache.org
Subject: Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Ross - I found some information about xmlhttprequest.js that I discussed in the VOTE thread
- realized I should have discussed it here.

The gist was this: I believe the LICENSE entry for xmlhttprequest.js was correct. It is included
in thirdparty/OpenLayers.js, and the version included is from 2007 when xmlhttprequest.js
*was* released under the Apache license (see http://code.google.com/p/xmlhttprequest/source/detail?r=30
where the license was changed).

Also there are three licenses (for jWorkflow, accounting.js and moment.js) included in the
LICENSE file that are for code that is only under node_modules (that is, they are not part
of our package). Should these be removed from the LICENSE file?

Final question: given that the xmlhttprequest license probably SHOULD be in the license file,
is it an issue that those three licenses are included? If not, can we move forward with this
package rather than creating a new one (I'll add a KEYS file to the folder that contains the
package)?

Thanks,

Tim

________________________________________
From: Ross Gardler (MS OPEN TECH) <Ross.Gardler@microsoft.com>
Sent: Saturday, April 18, 2015 3:28 AM
To: dev@ripple.incubator.apache.org
Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

I'm changing my vote to -1 because I found a reference to an LGPL dependency incorrectly marked
as Apache licensed (xmlhttprequest). The below discussion about NOTICE is now moot as we cannot
release with LGPL code. Upon examining the code itself it looks like the LGPL code has already
been replaced and is not actually a dependency. However, this incorrect reference in the LICENSE
file must be removed (I've done that). Furthermore, since someone played loose with the file
in the past it needs another thorough review.

I also noticed that the cordova link was still to the incubator so I fixed that.

Re license files in LICENSE: "All the licenses on all the files to be included within a package
should be included in the LICENSE document. " http://incubator.apache.org/guides/releasemanagement.html#best-practice-license

It says "should" not "must" so I'm happy to go with what we have if you believe it will pass
the IPMC muster.



-----Original Message-----
From: Christian Grobmeier [mailto:grobmeier@apache.org]
Sent: Friday, April 17, 2015 2:38 AM
To: dev@ripple.incubator.apache.org
Subject: Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Hi,

I just run Rat and then found this thread.

> Here are the items (I've indicated the ones I know to be policy with
> '*', the others are practices that I commonly see and encourage but
> I'm not certain they are policy):
>
>   - The LICENSE file should contain the full license of all dependencies
>   * (have clearly stated and linked to licenses when not including the
>   full text)

Are you sure with that? I thought the LICENSE contains our license, while we note the other
licenses in the NOTICE file. Didn't find proof for my ideas yet.


>   - Where a dependency is available to us under multiple licenses we
>   should state that we are using it under the most permissive license
>   available.

This link is interesting, as it says in the case of jQuery we chose MIT.
https://www.apache.org/legal/resolved.html#category-x
A good think to note int he NOTICE file, see below.

>
>   - The NOTICE file is incomplete, it does not contain references to (for
>   example) dependencies under the Apache Software license which (as per
>   clause 4d) requires mention in the NOTICE * (I have not looked to see
>   if the dependencies have a NOTICE file, if they do not then there is
>   nothing to do here)

I have seen a few people complain much about the NOTICE file. Basically I would prefer to
have that around before moving to the incubator, as it surely comes up.

Not sure if thats a policy, it reads to me as we should have it:
http://apache.org/legal/src-headers.html#notice

>
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Monday, April 6, 2015 8:03 AM
> To: dev@ripple.incubator.apache.org
> Subject: Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Thanks for that info, Ross. Based on that, I'll create a new vote
> thread in the morning referencing the updated package I mentioned below.
>
> Also, I'll add some tools to jake so anyone can run RAT easily (with
> the known exceptions) to validate future releases.
>
> Thanks!
>
> Tim
> ________________________________________
> From: Ross Gardler (MS OPEN TECH) <Ross.Gardler@microsoft.com>
> Sent: Friday, April 3, 2015 7:41 AM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple
> release
> 0.9.28
>
> With respect to the license headers - they all look fine. Go ahead and
> add those files as exceptions in the RAT configuration so that it passes.
>
> Ross
>
>
>
> -----Original Message-----
> From: Parashuram N (MS OPEN TECH) [mailto:panarasi@microsoft.com]
> Sent: Thursday, April 2, 2015 2:12 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Hi Tim,
>
> I have not looked at this yet. Do we want to bump it up ?
>
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Tuesday, March 31, 2015 6:49 AM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Hi, I just wanted to follow up on this. Has anyone had a chance to
> look at the new package? Also, Ross, I was wondering if you had any
> feedback on the various license headers reported by RAT?
>
> Thanks!
>
> Tim
>
> ________________________________________
> From: Tim Barham [Tim.Barham@microsoft.com]
> Sent: Thursday, March 19, 2015 6:15 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple
> release
> 0.9.28
>
> Further update:
>
> 1. I've built a new archive that doesn't contain the pkg folder (which
> is the build output), and contains everything else (that was missing
> in the previous archive). This archive was create using 'git archive',
> so it contains all files in our git repository as of tag 0.9.28. Per
> your point Ross that none of the issues should block this release (I
> verified that ripple.js is ok, and also it is not included in the new
> package since it is an output of the build process), I've not made any
> changes to the source.
>
> The new archive can be found here: http://1drv.ms/1BAKsBJ
>
> 2. I ran RAT, and it complained about the following files:
>
>   ./assets/client/themes/dark/theme.css
>   ./assets/client/themes/light/theme.css
>   ./targets/chrome.extension/controllers/jquery.js
>   ./thirdparty/3d.js
>   ./thirdparty/Math.uuid.js
>   ./thirdparty/draw.js
>   ./thirdparty/jXHR.js
>   ./thirdparty/jquery.js
>   ./thirdparty/jquery.tooltip.js
>   ./thirdparty/jquery.ui.js
>
> The various jquery files are, of course, jquery and have headers along
> the lines of:
>
>     /*!
>      * jQuery JavaScript Library v1.6
>      * http://jquery.com/
>      *
>      * Copyright 2011, John Resig
>      * licensed under the MIT
>      * http://jquery.org/license
>      *
>      * Includes Sizzle.js
>      * http://sizzlejs.com/
>      * Copyright 2011, The Dojo Foundation
>      * Released under the MIT, BSD, and GPL Licenses.
>      *
>      * Date: Mon May 2 13:50:00 2011 -0400
>      */
>
> The two theme.css files were built by the jQuery UI CSS Framework, and
> have the following license headers:
>
> /*
> * jQuery UI CSS Framework
> * Copyright (c) 2010 AUTHORS.txt (http://jqueryui.com/about)
> * Dual licensed under the MIT (MIT-LICENSE.txt) and GPL
> (GPL-LICENSE.txt) licenses.
> */
>
> Math.uuid.js and jXHR.js license headers reference the MIT and/or GPL
> licenses.
>
> Math.uuid.js:
>
> /*!
> Math.uuid.js (v1.4)
> http://www.broofa.com
> mailto:robert@broofa.com
>
> Copyright (c) 2010 Robert Kieffer
> Dual licensed under the MIT and GPL licenses.
> */
>
> jXHR.js:
>
> // jXHR.js (JSON-P XHR)
> // v0.1 (c) Kyle Simpson
> // MIT License
>
> The two utilities 3d.js and draw.js don't mention specific licenses,
> but that 'Redistribution and use in source and binary forms, with or
> without modification, are permitted provided that the following
> conditions are met:" - those conditions being that the copyright
> notice is included and some other conditions that we meet.
>
> Anything we need to be concerned about here?
>
> Thanks,
>
> Tim
>
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Wednesday, March 18, 2015 7:18 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Thanks hugely for your input, Ross.
>
> I just wanted to give an update on where I'm at with this - a while
> back I started writing some tools to automate some of the packaging
> stuff (building and signing archives, and some release verification
> tools based on those used for Cordova). I had put them on the
> backburner, but decided to revisit them - specifically move them
> Ripple's existing jake tools, and add some logic to make it easier to
> create a package appropriate for either for Apache archives or for
> npm. I hoped to have that wrapped up today, and build and send out a
> new archive (that included some source folders that are missing in the
> current archive, and excluded the pkg folder), but I'm not quite
> there. In order to facilitate moving forward I'll probably just build
> a new package in the morning rather than waiting until I have these tools integrated
with the existing jake build tools.
>
> Regarding RAT - yeah, I ran that at one point early on. I'll run it
> again tomorrow to verify the results.
>
> Thanks,
>
> Tim
>
> -----Original Message-----
> From: Ross Gardler (MS OPEN TECH) [mailto:Ross.Gardler@microsoft.com]
> Sent: Tuesday, March 17, 2015 3:40 AM
> To: dev@ripple.incubator.apache.org
> Subject: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
>
> Tim, thank you again for making this happen.
>
> Generally it's good practice to post a [DISCUSS] thread before calling
> the vote. The Vote should usually be called when it's clear there are
> no blocking issues (some projects like to post [DISCUSS} and [VOTE]
> threads at the same time (hence my subject change here).
>
> I don't see any of the issues below as blocking for this release
> (unless an empty js file is a technical issue). Incubating projects
> are given more slack than top level projects. They need to be fixed in
> version control so the next release doesn't have the problem, but no
> need to re-roll this release in my opinion.
>
> Was RAT run against this codebase? http://creadur.apache.org/rat/
>
> Thanks,
> Ross
>
> -----Original Message-----
> From: Christian Grobmeier [mailto:grobmeier@apache.org]
> Sent: Friday, March 13, 2015 12:16 AM
> To: dev@ripple.incubator.apache.org
> Subject: Re: [VOTE] Ripple release 0.9.28
>
> I found the following issues:
>
> NOTICE -> 2012 :)
>
> pkg/hosted/ripple.js appears to be empty. Is that correct?
>
> pkg/hosted do not have license headers. It looks like this would
> generated code, which is uploaded to somewhere? In Java-terms it would
> be similar to a binary artifact, which also do not have headers. This
> might come up as an issue. At Apache we are releasing source code
> first, everything else is just nice. The best and easiest thing would
> be to just add the header (automatically) to that files. Are there any options?
>
> /assets/server/images/NOTICE: its in a folder where only the logo
> remains. Is the location intended?
> I see a lot of images in /pkg/hosted/images, but no NOTICE there Maybe
> the included message should just go to the global NOTICE file?
>
> Thanks, i feel we are close :)
>
> Christian
>
> --
>   Christian Grobmeier
>   http://www.grobmeier.de
>   http://www.timeandbill.de
>
> On Tue, Mar 10, 2015, at 15:14, Tim Barham wrote:
> > Please review and vote on the release of Ripple 0.9.28.
> >
> > The package you are voting on is available for review at
> > http://bit.ly/1FZ8meZ. It was published from its corresponding git tag:
> >     incubator-ripple: 0.9.28 (1d95fed542)
> >
> > Since this will be an official Apache release of Ripple (our
> > first!), we must be particularly careful that it complies with all
> > Apache guidelines for an incubator release. As such, before voting
> > +1, please refer to and verify compliance with the checklist at
> > http://incubator.apache.org/guides/releasemanagement.html#check-list.
> >
> > If anyone has concerns that we don't meet any of these requirements,
> > please don't hesitate to raise them here so we can discuss and make
> > changes if necessary.
> >
> > If you do give a +1 vote, please include what steps you took in
> > order to be confident in the release.
> >
> > Please also note from Ross's recent email:
> >
> > > What we need is three +1 "binding" votes, in reality that means
> > > three IPMC members. Once a project graduates it means three
> > > project management committee members. However, as a mentor
> > > (therefore having a binding vote) I look to the project
> > > participants to indicate their preference and (assuming no
> > > blocking issues on an IP check) I'll always vote in support of the communities
non- binding votes.
> >
> > So please, even though your vote may not be binding, take some time
> > to review the release and vote!
> >
> > Upon a successful vote, we will arrange for the archive to be
> > uploaded to dist/incubator/ and publish it to NPM.
> >
> > Thanks, and looking forward to our first official Ripple release!
> >
> > Tim

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message