ripple-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Parashuram N (MS OPEN TECH)" <panar...@microsoft.com>
Subject RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28
Date Mon, 20 Apr 2015 00:48:37 GMT
Hi Ross,

Thanks for noticing this. I think we should cancel the vote and restart it with the issues
fixed. 

-----Original Message-----
From: Ross Gardler (MS OPEN TECH) [mailto:Ross.Gardler@microsoft.com] 
Sent: Friday, April 17, 2015 10:29 AM
To: dev@ripple.incubator.apache.org
Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

I'm changing my vote to -1 because I found a reference to an LGPL dependency incorrectly marked
as Apache licensed (xmlhttprequest). The below discussion about NOTICE is now moot as we cannot
release with LGPL code. Upon examining the code itself it looks like the LGPL code has already
been replaced and is not actually a dependency. However, this incorrect reference in the LICENSE
file must be removed (I've done that). Furthermore, since someone played loose with the file
in the past it needs another thorough review.

I also noticed that the cordova link was still to the incubator so I fixed that. 

Re license files in LICENSE: "All the licenses on all the files to be included within a package
should be included in the LICENSE document. " http://incubator.apache.org/guides/releasemanagement.html#best-practice-license

It says "should" not "must" so I'm happy to go with what we have if you believe it will pass
the IPMC muster.



-----Original Message-----
From: Christian Grobmeier [mailto:grobmeier@apache.org]
Sent: Friday, April 17, 2015 2:38 AM
To: dev@ripple.incubator.apache.org
Subject: Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28

Hi,

I just run Rat and then found this thread.

> Here are the items (I've indicated the ones I know to be policy with 
> '*', the others are practices that I commonly see and encourage but 
> I'm not certain they are policy):
> 
>   - The LICENSE file should contain the full license of all dependencies
>   * (have clearly stated and linked to licenses when not including the
>   full text)

Are you sure with that? I thought the LICENSE contains our license, while we note the other
licenses in the NOTICE file. Didn't find proof for my ideas yet.

 
>   - Where a dependency is available to us under multiple licenses we
>   should state that we are using it under the most permissive license
>   available.

This link is interesting, as it says in the case of jQuery we chose MIT.
https://www.apache.org/legal/resolved.html#category-x
A good think to note int he NOTICE file, see below.

> 
>   - The NOTICE file is incomplete, it does not contain references to (for
>   example) dependencies under the Apache Software license which (as per
>   clause 4d) requires mention in the NOTICE * (I have not looked to see
>   if the dependencies have a NOTICE file, if they do not then there is
>   nothing to do here)

I have seen a few people complain much about the NOTICE file. Basically I would prefer to
have that around before moving to the incubator, as it surely comes up.

Not sure if thats a policy, it reads to me as we should have it:
http://apache.org/legal/src-headers.html#notice

> 
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Monday, April 6, 2015 8:03 AM
> To: dev@ripple.incubator.apache.org
> Subject: Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
> 
> Thanks for that info, Ross. Based on that, I'll create a new vote 
> thread in the morning referencing the updated package I mentioned below.
> 
> Also, I'll add some tools to jake so anyone can run RAT easily (with 
> the known exceptions) to validate future releases.
> 
> Thanks!
> 
> Tim
> ________________________________________
> From: Ross Gardler (MS OPEN TECH) <Ross.Gardler@microsoft.com>
> Sent: Friday, April 3, 2015 7:41 AM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple 
> release
> 0.9.28
> 
> With respect to the license headers - they all look fine. Go ahead and 
> add those files as exceptions in the RAT configuration so that it passes.
> 
> Ross
> 
> 
> 
> -----Original Message-----
> From: Parashuram N (MS OPEN TECH) [mailto:panarasi@microsoft.com]
> Sent: Thursday, April 2, 2015 2:12 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
> 
> Hi Tim,
> 
> I have not looked at this yet. Do we want to bump it up ?
> 
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Tuesday, March 31, 2015 6:49 AM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
> 
> Hi, I just wanted to follow up on this. Has anyone had a chance to 
> look at the new package? Also, Ross, I was wondering if you had any 
> feedback on the various license headers reported by RAT?
> 
> Thanks!
> 
> Tim
> 
> ________________________________________
> From: Tim Barham [Tim.Barham@microsoft.com]
> Sent: Thursday, March 19, 2015 6:15 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS]  Ripple release 0.9.28 RE: [VOTE] Ripple 
> release
> 0.9.28
> 
> Further update:
> 
> 1. I've built a new archive that doesn't contain the pkg folder (which 
> is the build output), and contains everything else (that was missing 
> in the previous archive). This archive was create using 'git archive', 
> so it contains all files in our git repository as of tag 0.9.28. Per 
> your point Ross that none of the issues should block this release (I 
> verified that ripple.js is ok, and also it is not included in the new 
> package since it is an output of the build process), I've not made any 
> changes to the source.
> 
> The new archive can be found here: http://1drv.ms/1BAKsBJ
> 
> 2. I ran RAT, and it complained about the following files:
> 
>   ./assets/client/themes/dark/theme.css
>   ./assets/client/themes/light/theme.css
>   ./targets/chrome.extension/controllers/jquery.js
>   ./thirdparty/3d.js
>   ./thirdparty/Math.uuid.js
>   ./thirdparty/draw.js
>   ./thirdparty/jXHR.js
>   ./thirdparty/jquery.js
>   ./thirdparty/jquery.tooltip.js
>   ./thirdparty/jquery.ui.js
> 
> The various jquery files are, of course, jquery and have headers along 
> the lines of:
> 
>     /*!
>      * jQuery JavaScript Library v1.6
>      * http://jquery.com/
>      *
>      * Copyright 2011, John Resig
>      * licensed under the MIT
>      * http://jquery.org/license
>      *
>      * Includes Sizzle.js
>      * http://sizzlejs.com/
>      * Copyright 2011, The Dojo Foundation
>      * Released under the MIT, BSD, and GPL Licenses.
>      *
>      * Date: Mon May 2 13:50:00 2011 -0400
>      */
> 
> The two theme.css files were built by the jQuery UI CSS Framework, and 
> have the following license headers:
> 
> /*
> * jQuery UI CSS Framework
> * Copyright (c) 2010 AUTHORS.txt (http://jqueryui.com/about)
> * Dual licensed under the MIT (MIT-LICENSE.txt) and GPL
> (GPL-LICENSE.txt) licenses.
> */
> 
> Math.uuid.js and jXHR.js license headers reference the MIT and/or GPL 
> licenses.
> 
> Math.uuid.js:
> 
> /*!
> Math.uuid.js (v1.4)
> http://www.broofa.com
> mailto:robert@broofa.com
> 
> Copyright (c) 2010 Robert Kieffer
> Dual licensed under the MIT and GPL licenses.
> */
> 
> jXHR.js:
> 
> // jXHR.js (JSON-P XHR)
> // v0.1 (c) Kyle Simpson
> // MIT License
> 
> The two utilities 3d.js and draw.js don't mention specific licenses, 
> but that 'Redistribution and use in source and binary forms, with or 
> without modification, are permitted provided that the following 
> conditions are met:" - those conditions being that the copyright 
> notice is included and some other conditions that we meet.
> 
> Anything we need to be concerned about here?
> 
> Thanks,
> 
> Tim
> 
> -----Original Message-----
> From: Tim Barham [mailto:Tim.Barham@microsoft.com]
> Sent: Wednesday, March 18, 2015 7:18 PM
> To: dev@ripple.incubator.apache.org
> Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
> 
> Thanks hugely for your input, Ross.
> 
> I just wanted to give an update on where I'm at with this - a while 
> back I started writing some tools to automate some of the packaging 
> stuff (building and signing archives, and some release verification 
> tools based on those used for Cordova). I had put them on the 
> backburner, but decided to revisit them - specifically move them 
> Ripple's existing jake tools, and add some logic to make it easier to 
> create a package appropriate for either for Apache archives or for 
> npm. I hoped to have that wrapped up today, and build and send out a 
> new archive (that included some source folders that are missing in the 
> current archive, and excluded the pkg folder), but I'm not quite 
> there. In order to facilitate moving forward I'll probably just build 
> a new package in the morning rather than waiting until I have these tools integrated
with the existing jake build tools.
> 
> Regarding RAT - yeah, I ran that at one point early on. I'll run it 
> again tomorrow to verify the results.
> 
> Thanks,
> 
> Tim
> 
> -----Original Message-----
> From: Ross Gardler (MS OPEN TECH) [mailto:Ross.Gardler@microsoft.com]
> Sent: Tuesday, March 17, 2015 3:40 AM
> To: dev@ripple.incubator.apache.org
> Subject: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release
> 0.9.28
> 
> Tim, thank you again for making this happen.
> 
> Generally it's good practice to post a [DISCUSS] thread before calling 
> the vote. The Vote should usually be called when it's clear there are 
> no blocking issues (some projects like to post [DISCUSS} and [VOTE] 
> threads at the same time (hence my subject change here).
> 
> I don't see any of the issues below as blocking for this release 
> (unless an empty js file is a technical issue). Incubating projects 
> are given more slack than top level projects. They need to be fixed in 
> version control so the next release doesn't have the problem, but no 
> need to re-roll this release in my opinion.
> 
> Was RAT run against this codebase? http://creadur.apache.org/rat/
> 
> Thanks,
> Ross
> 
> -----Original Message-----
> From: Christian Grobmeier [mailto:grobmeier@apache.org]
> Sent: Friday, March 13, 2015 12:16 AM
> To: dev@ripple.incubator.apache.org
> Subject: Re: [VOTE] Ripple release 0.9.28
> 
> I found the following issues:
> 
> NOTICE -> 2012 :)
> 
> pkg/hosted/ripple.js appears to be empty. Is that correct?
> 
> pkg/hosted do not have license headers. It looks like this would 
> generated code, which is uploaded to somewhere? In Java-terms it would 
> be similar to a binary artifact, which also do not have headers. This 
> might come up as an issue. At Apache we are releasing source code 
> first, everything else is just nice. The best and easiest thing would 
> be to just add the header (automatically) to that files. Are there any options?
> 
> /assets/server/images/NOTICE: its in a folder where only the logo 
> remains. Is the location intended?
> I see a lot of images in /pkg/hosted/images, but no NOTICE there Maybe 
> the included message should just go to the global NOTICE file?
> 
> Thanks, i feel we are close :)
> 
> Christian
> 
> --
>   Christian Grobmeier
>   http://www.grobmeier.de
>   http://www.timeandbill.de
> 
> On Tue, Mar 10, 2015, at 15:14, Tim Barham wrote:
> > Please review and vote on the release of Ripple 0.9.28.
> >
> > The package you are voting on is available for review at 
> > http://bit.ly/1FZ8meZ. It was published from its corresponding git tag:
> >     incubator-ripple: 0.9.28 (1d95fed542)
> >
> > Since this will be an official Apache release of Ripple (our 
> > first!), we must be particularly careful that it complies with all 
> > Apache guidelines for an incubator release. As such, before voting
> > +1, please refer to and verify compliance with the checklist at
> > http://incubator.apache.org/guides/releasemanagement.html#check-list.
> >
> > If anyone has concerns that we don't meet any of these requirements, 
> > please don't hesitate to raise them here so we can discuss and make 
> > changes if necessary.
> >
> > If you do give a +1 vote, please include what steps you took in 
> > order to be confident in the release.
> >
> > Please also note from Ross's recent email:
> >
> > > What we need is three +1 "binding" votes, in reality that means 
> > > three IPMC members. Once a project graduates it means three 
> > > project management committee members. However, as a mentor 
> > > (therefore having a binding vote) I look to the project 
> > > participants to indicate their preference and (assuming no 
> > > blocking issues on an IP check) I'll always vote in support of the communities
non- binding votes.
> >
> > So please, even though your vote may not be binding, take some time 
> > to review the release and vote!
> >
> > Upon a successful vote, we will arrange for the archive to be 
> > uploaded to dist/incubator/ and publish it to NPM.
> >
> > Thanks, and looking forward to our first official Ripple release!
> >
> > Tim

Mime
View raw message