openwhisk-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Rutkowski" <mrutk...@us.ibm.com>
Subject Re: Rejecting short license header in scancode
Date Mon, 06 May 2019 20:43:08 GMT
I would support anyone willing to codify our project compliance 
enforcement (for which files/file types permitted minimized headers) into 
scan code.  Just resisting the path where we "roll over" and just start 
blindly submitting dozens of commits to remove min. headers to get 1 vote 
which sets a dismal precedent IMO, but if that is what is "easy" than so 
be it.




From:   "David P Grove" <groved@us.ibm.com>
To:     dev@openwhisk.apache.org
Date:   05/06/2019 12:17 PM
Subject:        Re: Rejecting short license header in scancode





On 2019/05/06 16:40:40, "Matt Rutkowski" <m...@us.ibm.com> wrote:
> We are following the guidance here:>
> 
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.apache.org_legal_src-2Dheaders.html&d=DwIFAg&c=jf_iaSHvJObTbx-siA1ZOg&r=6zQLM7Gc0Sv1iwayKOKa4_SFxRIxS478q2gZlAJj4Zw&m=jdpGy7bZrJDALZVsqXwyjHLL_jnn_Ha-c8LSpUOlJyw&s=z5e_gJo1vQZ4JaJ9y657izRaf3zzqAIUU9uSShJ1aXk&e=
>
>
> and we completely document which file types/rationale for any OW projec 
>

> use of a short header:>
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_incubator-2Dopenwhisk-2Drelease_blob_master_docs_license-5Fcompliance.md&d=DwIFAg&c=jf_iaSHvJObTbx-siA1ZOg&r=6zQLM7Gc0Sv1iwayKOKa4_SFxRIxS478q2gZlAJj4Zw&m=jdpGy7bZrJDALZVsqXwyjHLL_jnn_Ha-c8LSpUOlJyw&s=lIoK2weENg6Hj0lqRppEyvBuH-DQivun1leiC_YEhRc&e=
>

>
> it also indicates where our exclusions and rationale as well.  Different
>
> projects/PMCs may have come to other conclusions, but IMO we are not out
>
> of compliance with any known written instructions found under the legal 
>

> doc.>
>
> Kind regards,>
> Matt >
>

Hi Matt,

                 Let me be more precise.  Our rules are most likely fine. 
We may need
to include [1]  in our voting emails to help the IPMC see that.

                 But, those are not the rules that scancode.py is actually 
enforcing.
As a result, we can easily generate releases that have minor mismatches
with our policies without noticing (and we have done so).

                 The implementation of scancode.py considers the short and 
long
licenses headers to be equivalent.  A file with either one is considered 
to
have a valid license header.

                 To see this, edit a random file with an extension that is 
supposed to
have a long form header to have a short form header  (eg .java source file
in incubator-openwhisk-runtime-java).  Run scancode.  It will still pass
that directory with no reported violations.

                 My proposed draconian fix was to get rid of the short 
form license.
An alternative fix would be to fix scancode to actually implement our
policies.  That is arguably a better fix.  But we need to do something to
improve.  The current tooling is too lenient.

--dave

[1]
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_apache_incubator-2Dopenwhisk-2Drelease_blob_master_docs_license-5Fcompliance.md&d=DwIFAg&c=jf_iaSHvJObTbx-siA1ZOg&r=6zQLM7Gc0Sv1iwayKOKa4_SFxRIxS478q2gZlAJj4Zw&m=jdpGy7bZrJDALZVsqXwyjHLL_jnn_Ha-c8LSpUOlJyw&s=lIoK2weENg6Hj0lqRppEyvBuH-DQivun1leiC_YEhRc&e=






Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message