asterixdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Hillery <chill...@hillery.land>
Subject Re: [DISCUSS] Release Apache AsterixDB 0.8.7-incubating (RC3)
Date Thu, 08 Oct 2015 20:25:39 GMT
That sounds like a reasonable idea to me. If Ate is right that this usually
takes several releases to get correct, it could be a really long time
before we have binaries fully ready to go. This release has already taken
months longer than expected; let's have a source-only release for now so we
can continue moving forward.

Ceej
aka Chris Hillery
On Oct 8, 2015 1:15 PM, "Till Westmann" <tillw@apache.org> wrote:

> Would it also be an option to
> a) release the current release in source-only form,
> b) not advertise/distribute the binaries for now, and
> c) fix this for the next release?
>
> Right now we have zero AsterixDB releases at the ASF and that way
> we could have one that people have to build on their own (which is
> the usual way at the ASF and no rocket science for any developer).
> Also, I think that individual developer can still build a binary and
> give it to someone for testing, it’s just not an ASF artifact at
> that point.
>
> Thoughts/Concerns?
>
> Cheers,
> Till
>
>
> On 7 Oct 2015, at 15:49, Ian Maxon wrote:
>
> I see, thank you for the very detailed analysis Ate. I think we will have
>> to fix all of the binary assemblies to conform.  What's in Maven is
>> important, as well as the bundled zips and such. Our usual method of
>> distribution to end-users is via those bundled zips, rather than source.
>> In
>> fact we actually had to add the source assembly specifically for voting,
>> typically developers or folks who need special patches simply check out
>> from git.
>> More info/updates to come as I dig into how to coax maven into doing this
>> nicely...
>>
>> Thanks again,
>> -Ian
>>
>> On Wed, Oct 7, 2015 at 3:24 PM, Ate Douma <ate@douma.nu> wrote:
>>
>> Hi team,
>>>
>>> I either can +1 or -1 this release candidate, depending on if the staged
>>> maven repository provided artifacts are also intended to be
>>> distributed...
>>>
>>> For just the source release (like for the Hyracks release), I think it is
>>> good to go, so +1 for that.
>>>
>>> But for the binary artifacts in the Maven repo, it is definitely a -1.
>>>
>>> So either you'll drop/skip releasing to the Maven repo for this time, and
>>> then you might be good (pending possible feedback from others), or this
>>> vote better be cancelled and prepare for a lot of work to get this fixed
>>> first...
>>>
>>> As I already mentioned on the Hyracks release candidate: LICENSE, NOTICE
>>> and DISCLAIMER requirements apply to all released/distributed artifacts.
>>> As such, all the build artifacts in the Maven repository also have to
>>> contain and provide these...
>>> Please check again the requirements for binary (re)distributions here:
>>>
>>> http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bundled
>>> http://www.apache.org/dev/licensing-howto.html#deps-of-deps
>>> http://www.apache.org/dev/licensing-howto.html#binary
>>>
>>> And in general everything on whole page.
>>>
>>> Some of the Maven repo jars already do have the 'verbatim' Apache LICENSE
>>> and NOTICE files, but none provide the Incubator DISCLAIMER, which in
>>> addition to the above rules also is required for every distribution from
>>> the Incubator.
>>>
>>> And some others jars don't even bundle a LICENSE and NOTICE file like
>>> asterix-common-0.8.7-incubating.jar (there are possibly more, I didn't
>>> check each and every one).
>>>
>>> And besides this, aggregating distributions like all .zip|.tar etc. files
>>> contain none of these files. Including module -source-release.zip files
>>> like asterix-events-0.8.7-incubating-source-release.zip and the -demo.zip
>>> files.
>>>
>>> All of these artifacts when released/distributed have to comply to the
>>> above rules.
>>> Which most definitely isn't a trivial task to comply with and typically
>>> takes several iterations to get right... Painful yes, but necessary.
>>> Once setup and configured properly though, thereafter it usually doesn't
>>> require a lot of work to keep it up to date.
>>>
>>> But getting it right the first time will.
>>> Just saying so that you'll all be aware this isn't something likely
>>> fixable in a few minutes or even hours...
>>>
>>> Two important things to keep in mind:
>>> - LICENSE and NOTICE files must be tailored specifically to the
>>> distribution containing them, providing attribution to what the
>>> distribution contains, but nothing more.
>>> For example 3rd party embedded sources like JQuery require license
>>> attribution, but NOT in artifacts NOT embedding them.
>>> So the asterix-app should indeed mention this in the LICENSE file in its
>>> jar AND -binary-assembly.zip, but for example the asterix-algebra jar
>>> should NOT.
>>> - Distributions bundling other distributions must aggregate possible
>>> LICENSE and NOTICE attributions of those other distributions within their
>>> main LICENSE and NOTICE file.
>>> So for example, the LICENSE and NOTICE files in the asterix-app
>>> binary-assembly.zip must aggregate those from the bundled/embedded
>>> asterix-app *jar*.
>>> And further more, as the binary-assembly.zip bundles many other,
>>> including 3rd party, jars, their LICENSE and/or NOTICE attributions needs
>>> to be aggregated as well (when needed, which depends on the particular
>>> LICENSE and/or NOTICE). Including possible other licenses applicable to
>>> those bundled jars (or whatever bundled bits).
>>> And for aggregates of aggregates, like the asterix-installer
>>> binary-assembly.zip, this has to be done 'transitively'. Yeah, a lot of
>>> work indeed.
>>>
>>> I also like to refer back to the [DISCUSS] mail I send earlier on the
>>> Hyracks release candidate, where I already indicated this to become
>>> critical when releasing binary artifacts.
>>> And to a few suggestions I gave then like configuring the
>>> apache-incubator-disclaimer-resource-bundle to ensure the DISCLAIMER file
>>> will automatically added to all generated jars (but not in assembled
>>> artifacts).
>>> And to leverage automatic *appending* specific LICENSE/NOTICE file
>>> fragments for specific modules which embed 3rd party resources, via
>>> src/main/appended-resources/META-INF/LICENSE and/or ./NOTICE files.
>>>
>>> I'm happy to try help out if this raises questions (and I expect it
>>> will),
>>> but that'll be more practical to do case by case.
>>> Trying to write down such 'guidelines' generically typically just leads
>>> to
>>> more confusion :)
>>>
>>> Kind regards,
>>> Ate
>>>
>>>
>>> On 2015-10-05 22:16, Ian Maxon wrote:
>>>
>>> Hi everyone,
>>>>
>>>> Please verify and vote on the first full Apache AsterixDB release!
>>>> This candidate addresses some of the differences that were noticed
>>>> between the tagged commit in git and the source packaging.
>>>>
>>>> The tag to be voted on is
>>>>
>>>> asterix-0.8.7-incubating
>>>> commit : d2e1e89cfdf39e2b772dff2600913bb79644a380
>>>> link:
>>>>
>>>> https://git-wip-us.apache.org/repos/asf?p=incubator-asterixdb.git;a=tag;h=refs/tags/asterix-0.8.7-incubating
>>>>
>>>> The artifacts, md5s, and signatures are at:
>>>>
>>>>
>>>>
>>>> https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip
>>>>
>>>>
>>>> https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip.asc
>>>>
>>>>
>>>> https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip.md5
>>>>
>>>>
>>>> https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip.sha1
>>>>
>>>> MD5: 7330e6d6c2dd691ae3ab6a641e4d5344
>>>> SHA1: bf0b4a2ceaa26bcf1fcda33fee1ba227e31a88ba
>>>>
>>>> Additionally, a staged maven repository is available at:
>>>>
>>>> https://repository.apache.org/content/repositories/orgapacheasterix-1014/
>>>>
>>>> The KEYS file containing the PGP keys used to sign the release can be
>>>> found at
>>>>
>>>> https://dist.apache.org/repos/dist/release/incubator/asterixdb/KEYS
>>>>
>>>> RAT was executed as part of Maven via the RAT maven plugin, as well as
>>>> manually, but it
>>>> excludes the following paths:
>>>>
>>>> .*\.adm
>>>> .*\.aql
>>>> .*\.cleaned
>>>> .*\.csv
>>>> .*\.csv.cr
>>>> .*\.csv.crlf
>>>> .*\.csv.lf
>>>> .*\.ddl
>>>> .*\.dot
>>>> .*\.hcli
>>>> .*\.iml
>>>> .*\.json
>>>> .*\.out
>>>> .*\.plan
>>>> .*\.ps
>>>> .*\.scm
>>>> .*\.tbl
>>>> .*\.tbl\.big
>>>> .*\.tsv
>>>> .*\.txt
>>>> .*large_text
>>>> .*part-00000
>>>> .*part-00001
>>>>
>>>> .*\.goutputstream-YQMB2V
>>>> .*02-fuzzy-select
>>>> .*LockRequestFile
>>>> .*hosts
>>>> .*id_rsa
>>>> .*known_hosts
>>>>
>>>> .*bottle.py
>>>> .*geostats.js
>>>> .*jquery.autosize-min.js
>>>> .*jquery.min.js
>>>> .*rainbowvis.js
>>>> .*smoothie.js
>>>>
>>>>
>>>> These files either are either data for tests, procedurally generated,
>>>> or source files which come without a header mentioning their license,
>>>> but have an explicit reference in the LICENSE file.
>>>>
>>>> The complete RAT report is available at:
>>>>
>>>>
>>>> https://gist.githubusercontent.com/westmann/b6ed4b25bea44adcd526/raw/be93ff0c1d13c2ce7c88a2b713ace130b5e7ef5f/gistfile1.txt
>>>>
>>>> The vote is open for 72 hours, or until the necessary number of votes
>>>> (3 +1) has been reached.
>>>>
>>>> Please vote
>>>> [ ] +1 release this package as Apache AsterixDB 0.8.7-incubating
>>>> [ ] 0 No strong feeling either way
>>>> [ ] -1 do not release this package because ...
>>>>
>>>> Thanks!
>>>> -Ian
>>>>
>>>>
>>>>
>>>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message