ripple-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ross Gardler (MS OPEN TECH)" <>
Subject RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28
Date Fri, 17 Apr 2015 06:49:56 GMT
I've now done a deeper review of the release (sorry for the long delay, ApacheCon got in the
way). I will be voting +1 and will ask Christian to take a look before I take it to the IPMC
for our finding binding +1.

First of all, a very big thank you for sticking with it Tim. Cutting a first release is very
difficult as all the wrinkles need to be found. It is very frustrating and only those who
have done it themselves can understand just how frustrating it really is. The community owe
you a very large thank you.

Now, I have found a few wrinkles that need to be fixed. However, the good news is that I have
not found anything that I believe needs to block an incubator release. The IPMC may disagree
with me. I will do my best to make the case that the issues that remain are not critical and
thus it will be acceptable to fix in version control so that the next release will be a little
cleaner. This way you will not have to cut a new release.

Here are the items (I've indicated the ones I know to be policy with '*', the others are practices
that I commonly see and encourage but I'm not certain they are policy):

  - The LICENSE file should contain the full license of all dependencies * (have clearly stated
and linked to licenses when not including the full text)

  - Where a dependency is available to us under multiple licenses we should state that we
are using it under the most permissive license available.

  - The NOTICE file is incomplete, it does not contain references to (for example) dependencies
under the Apache Software license which (as per clause 4d) requires mention in the NOTICE
* (I have not looked to see if the dependencies have a NOTICE file, if they do not then there
is nothing to do here)

-----Original Message-----
From: Tim Barham [] 
Sent: Monday, April 6, 2015 8:03 AM
Subject: Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Thanks for that info, Ross. Based on that, I'll create a new vote thread in the morning referencing
the updated package I mentioned below. 

Also, I'll add some tools to jake so anyone can run RAT easily (with the known exceptions)
to validate future releases.


From: Ross Gardler (MS OPEN TECH) <>
Sent: Friday, April 3, 2015 7:41 AM
Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

With respect to the license headers - they all look fine. Go ahead and add those files as
exceptions in the RAT configuration so that it passes.


-----Original Message-----
From: Parashuram N (MS OPEN TECH) []
Sent: Thursday, April 2, 2015 2:12 PM
Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Hi Tim,

I have not looked at this yet. Do we want to bump it up ?

-----Original Message-----
From: Tim Barham []
Sent: Tuesday, March 31, 2015 6:49 AM
Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Hi, I just wanted to follow up on this. Has anyone had a chance to look at the new package?
Also, Ross, I was wondering if you had any feedback on the various license headers reported
by RAT?



From: Tim Barham []
Sent: Thursday, March 19, 2015 6:15 PM
Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Further update:

1. I've built a new archive that doesn't contain the pkg folder (which is the build output),
and contains everything else (that was missing in the previous archive). This archive was
create using 'git archive', so it contains all files in our git repository as of tag 0.9.28.
Per your point Ross that none of the issues should block this release (I verified that ripple.js
is ok, and also it is not included in the new package since it is an output of the build process),
I've not made any changes to the source.

The new archive can be found here:

2. I ran RAT, and it complained about the following files:


The various jquery files are, of course, jquery and have headers along the lines of:

     * jQuery JavaScript Library v1.6
     * Copyright 2011, John Resig
     * licensed under the MIT
     * Includes Sizzle.js
     * Copyright 2011, The Dojo Foundation
     * Released under the MIT, BSD, and GPL Licenses.
     * Date: Mon May 2 13:50:00 2011 -0400

The two theme.css files were built by the jQuery UI CSS Framework, and have the following
license headers:

* jQuery UI CSS Framework
* Copyright (c) 2010 AUTHORS.txt (
* Dual licensed under the MIT (MIT-LICENSE.txt) and GPL (GPL-LICENSE.txt) licenses.

Math.uuid.js and jXHR.js license headers reference the MIT and/or GPL licenses.


Math.uuid.js (v1.4)

Copyright (c) 2010 Robert Kieffer
Dual licensed under the MIT and GPL licenses.


// jXHR.js (JSON-P XHR)
// v0.1 (c) Kyle Simpson
// MIT License

The two utilities 3d.js and draw.js don't mention specific licenses, but that 'Redistribution
and use in source and binary forms, with or without modification, are permitted provided that
the following conditions are met:" - those conditions being that the copyright notice is included
and some other conditions that we meet.

Anything we need to be concerned about here?



-----Original Message-----
From: Tim Barham []
Sent: Wednesday, March 18, 2015 7:18 PM
Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Thanks hugely for your input, Ross.

I just wanted to give an update on where I'm at with this - a while back I started writing
some tools to automate some of the packaging stuff (building and signing archives, and some
release verification tools based on those used for Cordova). I had put them on the backburner,
but decided to revisit them - specifically move them Ripple's existing jake tools, and add
some logic to make it easier to create a package appropriate for either for Apache archives
or for npm. I hoped to have that wrapped up today, and build and send out a new archive (that
included some source folders that are missing in the current archive, and excluded the pkg
folder), but I'm not quite there. In order to facilitate moving forward I'll probably just
build a new package in the morning rather than waiting until I have these tools integrated
with the existing jake build tools.

Regarding RAT - yeah, I ran that at one point early on. I'll run it again tomorrow to verify
the results.



-----Original Message-----
From: Ross Gardler (MS OPEN TECH) []
Sent: Tuesday, March 17, 2015 3:40 AM
Subject: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Tim, thank you again for making this happen.

Generally it's good practice to post a [DISCUSS] thread before calling the vote. The Vote
should usually be called when it's clear there are no blocking issues (some projects like
to post [DISCUSS} and [VOTE] threads at the same time (hence my subject change here).

I don't see any of the issues below as blocking for this release (unless an empty js file
is a technical issue). Incubating projects are given more slack than top level projects. They
need to be fixed in version control so the next release doesn't have the problem, but no need
to re-roll this release in my opinion.

Was RAT run against this codebase?


-----Original Message-----
From: Christian Grobmeier []
Sent: Friday, March 13, 2015 12:16 AM
Subject: Re: [VOTE] Ripple release 0.9.28

I found the following issues:

NOTICE -> 2012 :)

pkg/hosted/ripple.js appears to be empty. Is that correct?

pkg/hosted do not have license headers. It looks like this would generated code, which is
uploaded to somewhere? In Java-terms it would be similar to a binary artifact, which also
do not have headers. This might come up as an issue. At Apache we are releasing source code
first, everything else is just nice. The best and easiest thing would be to just add the header
(automatically) to that files. Are there any options?

/assets/server/images/NOTICE: its in a folder where only the logo remains. Is the location
I see a lot of images in /pkg/hosted/images, but no NOTICE there Maybe the included message
should just go to the global NOTICE file?

Thanks, i feel we are close :)


  Christian Grobmeier

On Tue, Mar 10, 2015, at 15:14, Tim Barham wrote:
> Please review and vote on the release of Ripple 0.9.28.
> The package you are voting on is available for review at 
> It was published from its corresponding git tag:
>     incubator-ripple: 0.9.28 (1d95fed542)
> Since this will be an official Apache release of Ripple (our first!), 
> we must be particularly careful that it complies with all Apache 
> guidelines for an incubator release. As such, before voting +1, please 
> refer to and verify compliance with the checklist at 
> If anyone has concerns that we don't meet any of these requirements, 
> please don't hesitate to raise them here so we can discuss and make 
> changes if necessary.
> If you do give a +1 vote, please include what steps you took in order 
> to be confident in the release.
> Please also note from Ross's recent email:
> > What we need is three +1 "binding" votes, in reality that means 
> > three IPMC members. Once a project graduates it means three project 
> > management committee members. However, as a mentor (therefore having 
> > a binding vote) I look to the project participants to indicate their 
> > preference and (assuming no blocking issues on an IP check) I'll 
> > always vote in support of the communities non- binding votes.
> So please, even though your vote may not be binding, take some time to 
> review the release and vote!
> Upon a successful vote, we will arrange for the archive to be uploaded 
> to dist/incubator/ and publish it to NPM.
> Thanks, and looking forward to our first official Ripple release!
> Tim

View raw message