accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher <ctubb...@apache.org>
Subject Re: [VOTE] Accumulo 1.5.4-rc1
Date Thu, 10 Sep 2015 19:07:13 GMT
Josh, the link Sean provided does address the issue of including
LICENSE/NOTICE files in the jars, and other associated artifacts. It also
makes it a point to call out that this expectation does not supersede the
definition of an ASF release as being source. That was a refresher I needed
as well.

However, I don't know where the "willful copyright infringement" comes
from. Omission of the LICENSE/NOTICE files is not necessarily an infringing
activity. They are acknowledgments/disclaimers of the legal status of the
code we use. As such, they do not generally change the rights we have to
redistribute under their respective licenses. They simply communicate them.
So, I think that part was a bit of hyperbole.

But yes, according to the policy cited, we do have an obligation to include
LICENSE/NOTICE files in the binaries.

On Thu, Sep 10, 2015 at 3:00 PM Josh Elser <elserj@apache.org> wrote:

> Uh, my understanding is that a binary jar by definition is not a
> foundation sponsored release (it's binary). Where's the docs/history on
> declaring a binary jar as an official release?
>
> The omission of sizzle.js's in LICENSE and copying Thrift's NOTICE into
> our NOTICE for the _official source_ release is still a problem.
>
> Sean Busbey wrote:
> > As members of the PMC, we're required to verify all releases we approve
> of
> > meet ASF licensing policy[1], so I don't consider the issues "minor".
> >
> > Mistakenly violating policy in the past is a different kind of problem
> than
> > moving forward to knowingly violate it.
> >
> > In particular, not all of the bundled works have copyrights that are
> > covered under a donation to the Foundation. If we distribute e.g. the
> > accumulo-core binary jar in its current state the foundation will be
> > committing willful copyright infringement. The binary tarball (and I'd
> > imagine the rpm/deb files) have similar problems because we'd be
> violating
> > the terms of the included works' respective licenses.
> >
> >
> > [1]:
> http://www.apache.org/dev/release.html#what-must-every-release-contain
> >
> > On Thu, Sep 10, 2015 at 11:51 AM, Billie Rinaldi<
> billie.rinaldi@gmail.com>
> > wrote:
> >
> >> Agreed.
> >>
> >> On Thu, Sep 10, 2015 at 9:47 AM, Christopher<ctubbsii@apache.org>
> wrote:
> >>
> >>> I think the license issues are relatively small compared to the
> bugfixes,
> >>> especially since we're really trying to close out 1.5.x development.
> So,
> >>> given the options, I'd prefer to pass RC1, and make the license fixes
> in
> >>> 1.6.x and later, as applicable.
> >>>
> >>> On Thu, Sep 10, 2015 at 12:28 PM Josh Elser<elserj@apache.org>  wrote:
> >>>
> >>>> Thanks again for taking the time to inspect things so thoroughly,
> Sean.
> >>>>
> >>>> Others who have already voted, I'd ask for your opinion on whether we
> >>>> should sink this release (instead of me blindly going by majority
> >> rule).
> >>>> Personally, I'm presently of the opinion that, given the severity of
> >> the
> >>>> bug(s) fixed in this release already, RC1 should pass. Considering
> that
> >>>> we've been making releases like this for quite some time w/o issue and
> >>>> 1.5 is all but dead, let's push this release out, (again) table 1.5
> and
> >>>> then make these improvements to 1.6 before we cut an RC there there
> >> when
> >>>> we have time to thoroughly vet the changes (instead of the 11th hour
> of
> >>>> a vote).
> >>>>
> >>>> If there's a need for lengthy discussion, let's break this off the
> VOTE
> >>>> thread (I leave this message here for visibility).
> >>>>
> >>>> - Josh
> >>>>
> >>>> Sean Busbey wrote:
> >>>>> -1
> >>>>>
> >>>>> * signatures check out
> >>>>> * checksums match
> >>>>> * licensing errors noted in ACCUMULO-3988
> >>>>>
> >>>>> On Sat, Sep 5, 2015 at 4:27 PM, Josh Elser<elserj@apache.org>
> >> wrote:
> >>>>>> Accumulo Developers,
> >>>>>>
> >>>>>> Please consider the following candidate for Accumulo 1.5.4.
> >>>>>>
> >>>>>> Git Commit:
> >>>>>>       12a1041dcbb7f3b10543c305f27ece4b0d65ab9c
> >>>>>> Branch:
> >>>>>>       1.5.4-rc1
> >>>>>>
> >>>>>> If this vote passes, a gpg-signed tag will be created using:
> >>>>>>       git tag -f -m 'Apache Accumulo 1.5.4' -s 1.5.4
> >>>>>> 12a1041dcbb7f3b10543c305f27ece4b0d65ab9c
> >>>>>>
> >>>>>> Staging repo:
> >>>>>>
> >>
> https://repository.apache.org/content/repositories/orgapacheaccumulo-1039
> >>>>>> Source (official release artifact):
> >>>>>>
> >>
> https://repository.apache.org/content/repositories/orgapacheaccumulo-1039/org/apache/accumulo/accumulo/1.5.4/accumulo-1.5.4-src.tar.gz
> >>>>>> Binary:
> >>>>>>
> >>
> https://repository.apache.org/content/repositories/orgapacheaccumulo-1039/org/apache/accumulo/accumulo/1.5.4/accumulo-1.5.4-bin.tar.gz
> >>>>>> (Append ".sha1", ".md5", or ".asc" to download the signature/hash
> >> for
> >>> a
> >>>>>> given artifact.)
> >>>>>>
> >>>>>> All artifacts were built and staged with:
> >>>>>>       mvn release:prepare&&   mvn release:perform
> >>>>>>
> >>>>>> Signing keys are available at
> >>> https://www.apache.org/dist/accumulo/KEYS
> >>>>>> (Expected fingerprint: ABC8914C675FAD3FA74F39B2D146D62CAB471AE9)
> >>>>>>
> >>>>>> Release notes (in progress) can be found at
> >>>>>> https://accumulo.apache.org/release_notes/1.5.4
> >>>>>>
> >>>>>> Please vote one of:
> >>>>>> [ ] +1 - I have verified and accept...
> >>>>>> [ ] +0 - I have reservations, but not strong enough to vote
> >> against...
> >>>>>> [ ] -1 - Because..., I do not accept...
> >>>>>> ... these artifacts as the 1.5.4 release of Apache Accumulo.
> >>>>>>
> >>>>>> This vote will end on Thurs Sep  10 23:00:00 UTC 2015
> >>>>>> (Thurs Sep  10 20:00:00 EDT 2015 / Thurs Sep  10 17:00:00 PDT
2015)
> >>>>>>
> >>>>>> Thanks!
> >>>>>>
> >>>>>> P.S. Hint: download the whole staging repo with
> >>>>>>       wget -erobots=off -r -l inf -np -nH \
> >>>>>>
> >>>>>>
> >>
> https://repository.apache.org/content/repositories/orgapacheaccumulo-1039/
> >>>>>>       # note the trailing slash is needed
> >>>>>>
> >>>>>
> >>>>>
> >
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message