accumulo-dev mailing list archives

From Sean Busbey <bus...@cloudera.com>
Subject Re: [VOTE] Accumulo 1.5.4-rc1
Date Thu, 10 Sep 2015 19:10:26 GMT
We're responsible for all artifacts we distribute, both source releases and
generated binary artifacts.

It's also required that any binary bits we distribute are generated from
the approved source release. So licensing problems with them are problems
with the source release.

We could abstain from distributing the binary artifacts, but this vote
includes doing so. It'd be good form to also warn downstream users that the
generated binary artifacts aren't suitable for distribution.

--
Sean
On Sep 10, 2015 2:00 PM, "Josh Elser" <elserj@apache.org> wrote:

> Uh, my understanding is that a binary jar by definition is not a
> foundation sponsored release (it's binary). Where's the docs/history on
> declaring a binary jar as an official release?
>
> The omission of sizzle.js's in LICENSE and copying Thrift's NOTICE into
> our NOTICE for the _official source_ release is still a problem.
>
> Sean Busbey wrote:
>
>> As members of the PMC, we're required to verify all releases we approve of
>> meet ASF licensing policy[1], so I don't consider the issues "minor".
>>
>> Mistakenly violating policy in the past is a different kind of problem than
>> moving forward to knowingly violate it.
>>
>> In particular, not all of the bundled works have copyrights that are
>> covered under a donation to the Foundation. If we distribute e.g. the
>> accumulo-core binary jar in its current state the foundation will be
>> committing willful copyright infringement. The binary tarball (and I'd
>> imagine the rpm/deb files) have similar problems because we'd be violating
>> the terms of the included works' respective licenses.
>>
>>
>> [1]:
>> http://www.apache.org/dev/release.html#what-must-every-release-contain
>>
>> On Thu, Sep 10, 2015 at 11:51 AM, Billie Rinaldi <billie.rinaldi@gmail.com> wrote:
>>
>>> Agreed.
>>>
>>> On Thu, Sep 10, 2015 at 9:47 AM, Christopher <ctubbsii@apache.org> wrote:
>>>
>>>> I think the license issues are relatively small compared to the bugfixes,
>>>> especially since we're really trying to close out 1.5.x development. So,
>>>> given the options, I'd prefer to pass RC1, and make the license fixes in
>>>> 1.6.x and later, as applicable.
>>>>
>>>> On Thu, Sep 10, 2015 at 12:28 PM Josh Elser <elserj@apache.org> wrote:
>>>>
>>>>> Thanks again for taking the time to inspect things so thoroughly, Sean.
>>>>>
>>>>> Others who have already voted, I'd ask for your opinion on whether we
>>>>> should sink this release (instead of me blindly going by majority rule).
>>>>>
>>>>> Personally, I'm presently of the opinion that, given the severity of the
>>>>> bug(s) fixed in this release already, RC1 should pass. Considering that
>>>>> we've been making releases like this for quite some time w/o issue and
>>>>> 1.5 is all but dead, let's push this release out, (again) table 1.5 and
>>>>> then make these improvements to 1.6 before we cut an RC there when
>>>>> we have time to thoroughly vet the changes (instead of the 11th hour of
>>>>> a vote).
>>>>>
>>>>> If there's a need for lengthy discussion, let's break this off the VOTE
>>>>> thread (I leave this message here for visibility).
>>>>>
>>>>> - Josh
>>>>>
>>>>> Sean Busbey wrote:
>>>>>
>>>>>> -1
>>>>>>
>>>>>> * signatures check out
>>>>>> * checksums match
>>>>>> * licensing errors noted in ACCUMULO-3988
>>>>>>
>>>>>> On Sat, Sep 5, 2015 at 4:27 PM, Josh Elser <elserj@apache.org> wrote:
>>>>>>
>>>>>>> Accumulo Developers,
>>>>>>>
>>>>>>> Please consider the following candidate for Accumulo 1.5.4.
>>>>>>>
>>>>>>> Git Commit:
>>>>>>>       12a1041dcbb7f3b10543c305f27ece4b0d65ab9c
>>>>>>> Branch:
>>>>>>>       1.5.4-rc1
>>>>>>>
>>>>>>> If this vote passes, a gpg-signed tag will be created using:
>>>>>>>       git tag -f -m 'Apache Accumulo 1.5.4' -s 1.5.4 12a1041dcbb7f3b10543c305f27ece4b0d65ab9c
>>>>>>>
>>>>>>> Staging repo:
>>>>>>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1039
>>>>>>>
>>>>>>> Source (official release artifact):
>>>>>>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1039/org/apache/accumulo/accumulo/1.5.4/accumulo-1.5.4-src.tar.gz
>>>>>>>
>>>>>>> Binary:
>>>>>>> https://repository.apache.org/content/repositories/orgapacheaccumulo-1039/org/apache/accumulo/accumulo/1.5.4/accumulo-1.5.4-bin.tar.gz
>>>>>>>
>>>>>>> (Append ".sha1", ".md5", or ".asc" to download the signature/hash for a
>>>>>>> given artifact.)
>>>>>>>
>>>>>>> All artifacts were built and staged with:
>>>>>>>       mvn release:prepare && mvn release:perform
>>>>>>>
>>>>>>> Signing keys are available at https://www.apache.org/dist/accumulo/KEYS
>>>>>>> (Expected fingerprint: ABC8914C675FAD3FA74F39B2D146D62CAB471AE9)
>>>>>>>
>>>>>>> Release notes (in progress) can be found at
>>>>>>> https://accumulo.apache.org/release_notes/1.5.4
>>>>>>>
>>>>>>> Please vote one of:
>>>>>>> [ ] +1 - I have verified and accept...
>>>>>>> [ ] +0 - I have reservations, but not strong enough to vote against...
>>>>>>> [ ] -1 - Because..., I do not accept...
>>>>>>> ... these artifacts as the 1.5.4 release of Apache Accumulo.
>>>>>>>
>>>>>>> This vote will end on Thurs Sep  10 23:00:00 UTC 2015
>>>>>>> (Thurs Sep  10 20:00:00 EDT 2015 / Thurs Sep  10 17:00:00 PDT 2015)
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> P.S. Hint: download the whole staging repo with
>>>>>>>       wget -erobots=off -r -l inf -np -nH \
>>>>>>>       https://repository.apache.org/content/repositories/orgapacheaccumulo-1039/
>>>>>>>       # note the trailing slash is needed
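
The checks the quoted vote call asks voters to run (the ".sha1"/".md5" sidecars and the expected signing-key fingerprint), as an added example that is not part of the original thread or of Accumulo's tooling; the artifact bytes are constructed in a temporary directory and the helper names are hypothetical. Matching sidecars fetched from the same repository only show the download is intact; origin rests on the ".asc" signature checked against the full fingerprint.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Fingerprint quoted in the vote call; a verifier pins this value out of band.
EXPECTED_FPR = "ABC8914C675FAD3FA74F39B2D146D62CAB471AE9"
ALGOS = {".sha1": "sha1", ".md5": "md5"}  # sidecar suffixes named in the vote call

def file_digest(path, algo):
    """Stream the file so large tarballs are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_sidecars(artifact):
    """Return {suffix: bool} for each checksum sidecar found beside artifact."""
    artifact = Path(artifact)
    results = {}
    for suffix, algo in ALGOS.items():
        sidecar = artifact.with_name(artifact.name + suffix)
        if not sidecar.exists():
            continue
        # Sidecars may hold a bare hex digest or "digest  filename"; take token 1.
        tokens = sidecar.read_text().split()
        claimed = tokens[0].lower() if tokens else ""
        results[suffix] = hmac.compare_digest(claimed, file_digest(artifact, algo))
    if not results:
        raise FileNotFoundError(f"no checksum sidecar found for {artifact.name}")
    return results

def fingerprint_matches(reported, expected=EXPECTED_FPR):
    """Compare full fingerprints, ignoring spacing and case; never short key IDs."""
    norm = lambda s: "".join(s.split()).upper()
    return len(norm(reported)) == 40 and norm(reported) == norm(expected)

def demo():
    """Constructed stand-in artifact: one good sidecar, one stale sidecar."""
    with tempfile.TemporaryDirectory() as d:
        art = Path(d) / "accumulo-1.5.4-src.tar.gz"
        art.write_bytes(b"constructed sample bytes, not the real tarball")
        Path(str(art) + ".sha1").write_text(hashlib.sha1(art.read_bytes()).hexdigest())
        Path(str(art) + ".md5").write_text(hashlib.md5(b"other bytes").hexdigest() + "  x\n")
        return check_sidecars(art)

if __name__ == "__main__":
    print(demo())
```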
