incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Mclean <justinmcl...@me.com>
Subject Re: [VOTE] Release Apache AsterixDB (0.8.8-incubating) and Hyracks (0.2.17-incubating) (RC1)
Date Tue, 23 Feb 2016 02:58:36 GMT
Hi,

Sorry but -1 (binding) due to source release containing EPL licensed software

I checked the source release:
- incubating in release name
- signatures and hashes correct
- DISCLAIMER exists
- LICENSE is missing a few thing and incorrectly lists licenses (see below)
- NOTICE year is incorrect
- no unexpected binary 
- source files have headers 
- can compile from source

License issues:
- Looks to me that RainbowVis-JS is EPL [1] not MIT. EPL can’t be included in a source release.
- Missing normalize.css (MIT) [2]
- Missing license for second bottle file (MIT) [3]
- Bootstrap version bundled is Apache licensed not MIT licensed [4]
- Short form of licenses in LICENSE is preferred i.e. pointers to the license files [5]
- It’s also not mentioned for all licenses what each license is (MIT/BSD etc) that can be
helpful. The version of the bundled software is also helpful.
- Should include text of RainbowVis-JS license (or better still a pointer to a copy of the
license file) [5] not a pointer to a URL on github

For Hyracks source release:
- incubating in release name
- signatures and hashes correct
- DISCLAIMER exists
- LICENSE is ok
- NOTICE OK except year is incorrect
- no unexpected binary files
- source files have Apache header
- can compile from source

For the binary release I see you listed out the licence of each jar - that’s great.

But I think there can be some improvements:
- You may need to go one step further, some of those jars contain bundled software which may
need to be added to LICENSE and NOTICE
- Your LICENSE lists a large number of CDDL licensed bits of software. CDDL is Category B
and it’s my understanding that you must provide a link to the source code (see 3.1. Availability
of Source Code in [8]) Pervious advice on legal discuss was this goes in NOTICE but recent
discussions have left this a bit more muddled.
-There's no need to list in NOTICE the copyright years and name of an ASF licensed product
or the line " This product includes software developed by”.
- The NOTICE files have a lot of not required information in them [7]

I didn't check if there was anything missing form LICENSE/NOTICE in the binary releases.

Thanks,
Justin

1. https://github.com/anomal/RainbowVis-JS/blob/master/license.md
2. ./asterix-examples/src/main/resources/admaql101-demo/static/css/bootstrap.min.css
3. ./asterix-examples/src/main/resources/tweetbook-demo/bottle.py
4. ./asterix-app/src/main/resources/webui/static/js/bootstrap.min.js
5. http://www.apache.org/dev/licensing-howto.html#permissive-deps
7. http://www.apache.org/dev/licensing-howto.html#mod-notice
8. https://opensource.org/licenses/CDDL-1.0
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message