incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Casey Stella <ceste...@gmail.com>
Subject Re: [VOTE] Releasing Apache Metron 0.2.0BETA-RC2
Date Mon, 11 Jul 2016 13:54:49 GMT
Thanks for the careful attention, Justin.

Regarding the sample data for the StixExtractorTest.java, that came from
here
<https://github.com/STIXProject/stixproject.github.io/blob/master/getting-started/sample-walkthrough/IP_Watchlist-1.2.xml>
and
I considered it to be 3-clause BSD licensed due to the underlying project
license here
<https://github.com/STIXProject/stixproject.github.io/blob/master/LICENSE>.
If you think it's clearer, we can pull it into its own file and mention it
in the LICENSE for next release (JIRA here
<https://issues.apache.org/jira/browse/METRON-297>).

Regarding the effective_tld_names.dat, we had this discussion last release
and believe that they are reference data and should be considered
acceptable. We did note them in the LICENSE here
<https://github.com/apache/incubator-metron/blob/master/LICENSE#L205>.  The
rationale around why we think they should be acceptable as per category B
is as follows:

   - It's reference data, so not source code, so I feel that the category B
   wording was trying to make the distinction between source code and non-src
   code (i.e. "binary/object" in their language)
   - It's not source code, so paragraph 3 shouldn't apply, but even so, it
   has not changed since the last release
   - It's currently only supported for a legacy enrichment adapter, but
   will be removed next release as we found a better way of doing things.

Thoughts?

Best,
Casey



On Fri, Jul 8, 2016 at 10:45 PM, Justin Mclean <justin@classsoftware.com>
wrote:

> Hi,
>
> -1 (binding) until MPL licensed source issue resolved.
>
> I checked:
> - name contains incubating
> - signatures and hashes good
> - DISCLAIMER exists
> - LICENSE is OK, but look to be missing one permissive license? and
> assuming its ok it would be best if the MPL was in another file.
> - NOTICE is OK (but perhaps requires a notice from MPL?)
> - All ASF source file have apache header
> - No unexpected binary files
> - Can compile from source
>
> For the license I think this file [1] may incorrectly have an apache
> header. I’m also unsure of it’s license, but it’s likely to be permissive
> [2] and needs to be mentioned in LICENSE. Can you fix this in the next
> release please.
>
> There is a more serious issue in that the source includes MPL licensed
> files.[4][5][6] This is a category B license [3] and as such files under
> these terms can only included in binary form, but they plain text. They are
> not small (10,000 lines) and given they contain list of domain name it
> seems likely they they would change so I don’t think the last paragraph in
> [3] applies either. It would also be a good idea to list where they come
> from.
>
> Thanks,
> Justin
>
> 1.
> ./metron-platform/metron-data-management/src/test/java/org/apache/metron/dataloads/extractor/stix/StixExtractorTest.java
> 2. http://stixproject.github.io/legal/
> 3. http://www.apache.org/legal/resolved.html#category-b
> 4.
> ./metron-platform/metron-common/src/test/resources/effective_tld_names.dat
> 5.
> ./metron-platform/metron-enrichment/src/main/resources/effective_tld_names.dat
> 6.
> ./metron-platform/metron-parsers/src/test/resources/effective_tld_names.dat
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message