incubator-isis-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Struberg <strub...@yahoo.de>
Subject Re: [CANCEL] [VOTE] Apache Isis release candidate 0.1.2-RC3-incubating
Date Mon, 06 Jun 2011 20:46:32 GMT
Hi Dan!

Heads up! If it helps: I know not many incubator projects which makes it under 5 retries for
the first release... ;)

And Isis is really a huge code base, so there is lots of space to pickup some transitive dependency
which is not ok.

For the NOTICE file: if we don't ship those dependencies either as bin-package or in a WAR
or EAR file in our samples, then we don't need to add them imo. Because we are _not_ distributing
them. 

But IF we ship any WAR, EAR, zip, etc which contains those jars (sample WARs are most times
overlooked), then we must fulfil what all those licenses write under their 'distributing'
rules afaik.


LieGrue,
strub 
--- On Mon, 6/6/11, Dan Haywood <dkhaywood@gmail.com> wrote:

> From: Dan Haywood <dkhaywood@gmail.com>
> Subject: [CANCEL] [VOTE] Apache Isis release candidate 0.1.2-RC3-incubating
> To: "Mark Struberg" <struberg@yahoo.de>
> Cc: isis-dev@incubator.apache.org, dan@haywood-associates.co.uk
> Date: Monday, June 6, 2011, 8:12 PM
> [sigh]
> 
> Thanks, Mark, though, for your time in checking through the
> release.  I 
> had completely missed that LGPL dependency on XOM, which is
> really 
> annoying.  I need to change some source code to remove
> that dependency, 
> so the next RC might be delayed til I do that.
> 
> I don't think that anything is required in the NOTICE file
> for the other 
> category-a licenses, because we only reference them as
> dependencies on 
> Maven, we don't package them up or shade them. 
> However, since I'm gonna 
> have to cut another RC, I may as well add something to the
> NOTICE file 
> anyway.
> 
> And I'll definitely add an entry in NOTICE for that
> category-b license.  
> I'll double check the 
> src/main/appended-resources/supplemental-models.xml in case
> there are 
> any other category-b licenses that sneaked in also.
> 
> And, finally, I'll also change those javax.* dependencies
> to use the 
> Geronimo specs modules instead;  thanks for that link
> to them all.
> 
> Cheers
> Dan
> 
> 
> 
> On 06/06/2011 11:56, Mark Struberg wrote:
> > Hi Dan!
> >
> > Are you ready for the next iteration? ;)
> >
> > I fear I have to vote
> >
> > -1
> >
> > on the release.
> >
> > I'm only looking at the sources distribution.zip since
> this is the only official thing an Apache Software release
> contains (all other binaries are just nice goodies, but not
> part of the official release).
> > https://repository.apache.org/content/repositories/orgapacheisis-042/org/apache/isis/isis/0.1.2-RC3-incubating/
> >
> >
> > 1.) The source zip contains a file
> apache-rat-0.8-SNAPSHOT.jar. This is nothing which belongs
> to our source release.
> > I've also deleted it from our SVN repo.
> >
> > The other parts look pretty good so far!
> >
> > * key is fine
> > * sha1 is ok
> > * md5 is ok
> > * rat passes
> > * check on a few random samples for *.properties,
> pom.xml, *.java all had valid ALv2 headers
> > * LICENSE file is ok
> >
> >
> > A few parts are not 100% ok yet:
> >
> > NOTICE file is ok _IF_ we only ship ALv2 licensed
> dependencies or category A licenses as noted in [1].
> >
> > IF we ship differently licensed jar dependencies in
> our binary distribution or samples or 'shade' them into an
> own private package within isis, then we must imo also
> mention those licenses in our NOTICE files.
> > If we only reference those deps via maven, then not.
> >
> > Those are the following files:
> >
> > org.hamcrest:hamcrest-library:jar ->  BSD
> > javax.mail ->  CDDL
> > asm ->  BSD
> > jmock ->  BSD style
> > dom4j ->  MetaStuff license (BSD style)
> > org.owasp.esapi:esapi ->  BSD
> > json ->  JSON license (BSD style)
> >
> > org.htmlparser ->  CPL-1.0. This worries me a
> bit, since it falls under the category B (reciprocal) As far
> as I interpret the cat B section, we must add this to our
> NOTICE file, isn't?
> >
> > xom:xom ->  LGPL ->  BLOCKER this is a
> catX license which we must not depend upon! This seems to
> come as transitive dependency from org.owasp.esapi:esapi.
> Can we exclude xom:xom without breaking functionality?
> >
> > There are also a few javax.* dependencies from the
> java.net repo. Usually those packages are CDDL, thus we
> should replace them with packages from geronimo-specs [2]
> >
> > You can easily check the dependencies yourself too
> with
> > $>  mvn dependency:list
> >
> >
> > LieGrue,
> > strub
> >
> > PS: sorry that you have to do a release run once
> again, but if it helps: doing a proper review is not much
> less work :D
> >
> > [1] http://www.apache.org/legal/3party.html
> > [2] http://repo1.maven.org/maven2/org/apache/geronimo/specs/
> >
> >
> > --- On Mon, 6/6/11, Dan Haywood<dkhaywood@gmail.com> 
> wrote:
> >
> >> From: Dan Haywood<dkhaywood@gmail.com>
> >> Subject: Re: [VOTE] Apache Isis release candidate
> 0.1.2-RC3-incubating
> >> To: isis-dev@incubator.apache.org
> >> Date: Monday, June 6, 2011, 7:27 AM
> >>
> >> On 05/06/2011 11:25, Mike Burton wrote:
> >>> 1.  When I built the quickstart
> archetype, as per
> >> Quickstart Guide...
> >>> I needed to run mvn in a directory that
> doesn't have a
> >> pom.xml in it, as per your earlier suggestion,
> does this
> >> need documenting?
> >>> ie when I did:
> >>> mvn archetype:generate  \
> >>>         -D
> >> archetypeGroupId=org.apache.isis \
> >>>         -D
> >> archetypeArtifactId=quickstart-archetype \
> >>>         -D
> >> groupId=com.mycompany \
> >>>         -D
> artifactId=myapp
> >>> I got:
> >>>      Failed to validate POM for
> project
> >> com.agilejava.docbkx:docbkx-maven-plugin at
> Artifact
> >>
> [com.agilejava.docbkx:docbkx-maven-plugin:pom:2.0.8]
> >>> So I did  mkdir tmp; cd
> tmp   then
> >> repeated the above, all good.
> >> I've added a sentence to the site's (on both
> >> where-to-start.apt and quickstart.apt).
> >>
> >>
> >>
> >>> 2. When I ran the quickstart achetype
> >>> Quickstart Guide says cd quickstart, but
> actually need
> >> to cd examples/quickstart
> >>> Exploring this, the Quickstart Guide says
> >> ToDoItem.java is in the dom module. It is in
> >>
> examples/quickstart/dom/src/main/java/dom/todo/ToDoItem.java
> >>> which is pretty much obvious.
> >>>
> >> Yeah, it's pretty obvious.  But I've added a
> note to
> >> say that ToDoItem.java is in src/main/java (on
> >> quickstart.apt).
> >>
> >> Thanks again for reviewing the release.
> >>
> >> Dan
> >>
> >>
> >>
>


Mime
View raw message