nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Skora <jsk...@gmail.com>
Subject Re: build installs binaries and seems to be missing licenses
Date Sat, 16 Jul 2016 21:11:59 GMT
Joe,

Thank you for summarizing so clearly.  I read the NiFi guide a few months
back, but obviously need to go through it again.

If I understand correctly, it looks like there are no license concerns.

Thanks,
Joe


On Sat, Jul 16, 2016 at 1:23 PM, Joe Witt <joe.witt@gmail.com> wrote:

> Generally speaking:
>
> [source]
> There are many source elements that go into our source release.  All
> of those must be appropriately licensed and based on our compatible
> with the ASLv2 License which generally is consider as those items
> listed as [1].
>
> [build process]
> There are package managers involved in the build process including
> things like Maven, NPM, Bower, and perhaps others.  There are also
> other things used to conduct the build.  Those things need to be
> appropriately licensed for us to use.  I'm not aware of anything we're
> using that is problematic.
>
> [binary artifacts]
> There are numerous binary artifacts produced as a result of our build
> process.  All of those artifacts need to be appropriately licensed and
> compatible with ASLv2 which includes those category-a items listed
> above and also binary artifacts which satisfy the category-b handling
> mentioned here [2].
>
> So the net of this is that our source LICENSE/NOTICE [1,2] must
> account for all things in our source release.  Our binary artifact
> LICENSE/NOTICE [3,4] must account for things in our binary convenience
> bundles/artifacts.
>
> Much more of this is described and articulated on various ASF pages.
> For the NiFi project itself though we have this document to help root
> that guidance in our processes that we have thus far [5].
>
> [1] http://www.apache.org/legal/resolved.html#category-a
> [2] http://www.apache.org/legal/resolved.html#category-a
> [3] https://github.com/apache/nifi/blob/master/LICENSE
> [4] https://github.com/apache/nifi/blob/master/NOTICE
> [5] https://github.com/apache/nifi/blob/master/nifi-assembly/LICENSE
> [6] https://github.com/apache/nifi/blob/master/nifi-assembly/NOTICE
> [7] https://nifi.apache.org/licensing-guide.html
>
> Thanks
> Joe
>
> On Sat, Jul 16, 2016 at 12:58 PM, Joe Skora <jskora@gmail.com> wrote:
> > I'm somewhat ignorant regarding of the front-end wiring, when a NiFi
> > instance runs does it use NodeJS, NPM, Bower, etc. or are those only used
> > during the build?
> >
> > If they are only used during the build, how does that affect the Apache
> > licensing, do they need to have Apache compatible licenses like a Java
> > library does?
> >
> > On Fri, Jul 15, 2016 at 7:52 PM, Joe Witt <joe.witt@gmail.com> wrote:
> >
> >> Wow i reread the first paragraph I wrote and well...yowza hopefully
> >> you can tell what I meant to say.
> >>
> >> Also wanted to add that when I started seeing those things show up in
> >> the build i too did a double take and started looking into the
> >> licensing.  So it is very right to bring these up.  Taking this line
> >> of thought further i've also been concerned about things like
> >> stylesheets or fonts that are referenced against websites that get
> >> looked up by the client browser at runtime.  Definitely tradeoffs to
> >> consider.
> >>
> >> Anyway, I'll take another look too but if you find specific artifacts
> >> that are problematic in the resulting build please do share.
> >>
> >> Thanks
> >> Joe
> >>
> >> On Fri, Jul 15, 2016 at 5:39 PM, Joe Witt <joe.witt@gmail.com> wrote:
> >> > Joe,
> >> >
> >> > Now is certainly the time to address any concerns like this so no
> >> > worries if false.
> >> >
> >> > For item #1)
> >> > The source release cannot have any binaries.  A convenience binary
> >> > build generally is comprised on producing binary artifacts and linking
> >> > them with dependent artifacts much like happens as maven pulls in
> >> > dependencies.  Officially apache projects only do source releases.
> >> > The binary convenience artifacts some projects, like ours, provide is
> >> > truly just a convenience.  We must take care to ensure that the
> >> > resulting items are properly licensed and such but the official
> >> > 'release' is the source code only.
> >> >
> >> > For item #2)
> >> > The tools used to conduct the build are not necessary to call out nor
> >> > are dependencies like test dependencies, for example.  The resulting
> >> > artifacts in our binary build do need to be accounted for though and
> >> > yes they do need to be ASLv2 compatible.  The LICENSE/NOTICE within
> >> > nifi-assembly is where the appropriate LICENSE/NOTICE lives for such
> >> > things.  Are there any specific artifacts being pulled in that you're
> >> > finding problematic?  We should definitely get those identified and
> >> > addressed.
> >> >
> >> > Thanks
> >> > Joe
> >> >
> >> > On Fri, Jul 15, 2016 at 5:25 PM, Joe Skora <jskora@gmail.com> wrote:
> >> >> Dear devs,
> >> >>
> >> >> I've looking into the 1.0.0 build processes and I noticed a couple
> >> things
> >> >> that I don't understand.
> >> >>
> >> >> 1. During the build, nifi-web-ui (and another modules) use NodeJS.
> This
> >> >> entails the "frontend-maven-plugin" actually downloading and
> executing
> >> >> binary code.  That's not something I'd normally expect in a Maven
> build,
> >> >> especially when the downloads do not come from repositories
> referenced
> >> in
> >> >> the NiFi build configuration.
> >> >>
> >> >>      Is installing a foreign binary and executing it during a build
a
> >> >> problem under Apache?
> >> >>
> >> >> 2. The build uses NodeJS, NPM, and Bower (maybe more) but I cannot
> find
> >> any
> >> >> references to those tools in the license files.  Node appears to have
> >> it's
> >> >> own license, with a good bit of stuff rolled in as well.  If the
> >> relevant
> >> >> licenses are not Apache compatible this could be a problem.
> >> >>
> >> >>      Are there any license whisperers who can look at how these need
> to
> >> be
> >> >> reconciled?
> >> >>
> >> >> Sorry if I'm sounding false alarms, but this caught me off guard. 
I
> >> >> apologize if missed a prior discussion of this on the dev list.
> >> >>
> >> >> Regards,
> >> >> Joe
> >>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message