taverna-dev mailing list archives

From Stian Soiland-Reyes <st...@apache.org>
Subject Re: [DISCUSS] Release candidate 2 of Command-line Tool 3.1.0-incubating
Date Fri, 03 Jun 2016 15:38:57 GMT
On 2 June 2016 at 19:50, Gale Naylor <GaleN@noventussolutions.com> wrote:
> I'm so sorry - I've been replying to the VOTE thread.
>
> I'll copy my comments here:
>
> ------------------------------------------
> UP-FRONT CHECKS
> ------------------------------------------
> The MD5 checksums in the [VOTE] email are the same as the SHA1 checksums.
> I'm using the downloaded MD5 and SHA-1.

Yes, I copy-pasted wrong! :(

db4309131f4330832736586f6357d691  apache-taverna-commandline-3.1.0-incubating-source-release.zip
03c62e8d0d8a8862638655a3591597ba  apache-taverna-common-activities-2.1.0-incubating-source-release.zip
8113656bf4ac8ed4e5ed88cb1b0da15d  apache-taverna-engine-3.1.0-incubating-source-release.zip


(Perhaps we need a vote-email script!)

> -------------------
> GNU License?
>
> The list of # Already used licenses in project : includes
>
> # - GNU Lesser General Public License, Version 2.1
> Isn't this a category-x license? (It doesn't show up in the
> "Please fill in the missing licenses" list at the bottom of the file.)

I assume you mean
apache-taverna-engine-3.1.0-incubating/src/license/THIRD-PARTY.properties

which is used if you run manually:

mvn license:aggregate-add-third-party

http://www.mojohaus.org/license-maven-plugin/aggregate-add-third-party-mojo.html

which will generate

target/generated-sources/license/THIRD-PARTY.txt

based on the <dependencies> and transitive dependencies.


Usually the plugin picks up license info from the POM <licenses>
section, but some projects don't provide that, in which case the
properties file can fill in the blanks.

The "Already used" section is written by the plugin if you use
-Dlicense.useMissingFile=true


But all the LGPL licenses in the report are dual-licensed also as
Apache license:

stain@biggiebuntu:~/rc/dist/test/apache-taverna-engine-3.1.0-incubating$ grep GNU target/generated-sources/license/THIRD-PARTY.txt
     (GNU Lesser General Public License, Version 2.1) (The Apache Software License, Version 2.0) Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.2.2 - http://wiki.fasterxml.com/JacksonHome)
     (GNU Lesser General Public License, Version 2.1) (The Apache Software License, Version 2.0) Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.3.0 - http://wiki.fasterxml.com/JacksonHome)
     (GNU Lesser General Public License, Version 2.1) (The Apache Software License, Version 2.0) Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.3.3 - http://wiki.fasterxml.com/JacksonHome)
     (GNU Lesser General Public License, Version 2.1) (The Apache Software License, Version 2.0) Jackson-core (com.fasterxml.jackson.core:jackson-core:2.2.2 - http://wiki.fasterxml.com/JacksonHome)
     (GNU Lesser General Public License, Version 2.1) (The Apache Software License, Version 2.0) Jackson-core (com.fasterxml.jackson.core:jackson-core:2.3.3 - http://wiki.fasterxml.com/JacksonHome)
     (GNU Lesser General Public License, Version 2.1) (The Apache Software License, Version 2.0) jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.2.2 - http://wiki.fasterxml.com/JacksonHome)
     (GNU Lesser General Public License, Version 2.1) (The Apache Software License, Version 2.0) jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.3.3 - http://wiki.fasterxml.com/JacksonHome)



>
> -------------------
> Missing license information:
>
> # http://x-stream.github.io/license.html - this link says BSD (but not
> which type);
> should this copyright be included in our Notice file?

Not in our NOTICE file yet, as we don't bundle the x-stream library,
we just depend on it.

But we would need to include that (and much more) in the NOTICE of the
ZIP-file from taverna-commandline-product when/if we decide to
distribute that as a binary release.


> org.aopalliance--com.springsource.org.aopalliance--1.0.0  - no license
> listed

Should be clean:

http://aopalliance.sourceforge.net/

> LICENCE: all the source code provided by AOP Alliance is Public Domain.

(Oh my, that dependency is more than 12 years old..!)



> # https://github.com/hunterhacker/jdom/blob/jdom-1.1/core/LICENSE.txt  -
> this link has a copyright;
> include in Notice file? What do we use for "type" of license? "Copyright?"
> Or is this also a "JDOM License" like
> org.jdom--com.springsource.org.jdom--1.1.0?

I think we can just call it the "JDOM license".   Same as above, no
need for NOTICE as we don't bundle the JAR.

> # http://www.xmlpull.org/  - no license listed



> Aren't the following licenses listed under category-b, binary release only?

But we only have <dependency> on them, they are not distributed by ASF
(you won't find these dependencies in our source archive), so that is
OK.



> 1) University of Manchester copyright in taverna-provenanceconnector
> files (see previous email).

Bah! Well spotted! Danger of just disabling a Maven module!

That is however an (apparent) violation as it claims to be under
incompatible LGPL license -- that code was however covered by the
software grant and should have ASF headers.

I think we might have to pull the RC for this (we could get it through
the incubator if it was the first release, but this is our third!).



> 2) taverna-execution-hadoop Crossproduct.java file contains copyright
> by Adam Pingel and no ASF license.
>
>      I know this copyright is included in the top level NOTICE
>      file, but doesn't it have to be removed from the Java file?

Strictly speaking we don't need to include that text in the NOTICE if
it is also in the file header, however we need it in the NOTICE so
that it also comes along in JARs in Maven Central.

I don't think we can move this away from the file header, as then
downstream consumers who decide to copy that file might then easily
violate:

> Redistributions of source code must retain the above copyright
> notice, this list of conditions and the following disclaimer.


> 1) Two README files without license headers:
> /taverna-engine-rc2/taverna-prov/README.md
> /taverna-engine-rc2/taverna-reference-types/README.md

I think it should be added - but personally I wouldn't block the
release for that alone.


> 2) One JSON file without license header
> /taverna-engine-rc2/taverna-run-impl/src/test/resources/workflowrun.json

It's tricky to add to JSON as it has no comment headers, but it's
possible to add something like this:


  "http://purl.org/dc/terms/rights": "Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements.  See the NOTICE file distributed with this work for additional information regarding copyright ownership.  The ASF licenses this file to You under the Apache License, Version 2.0 (the 'License'); you may not use this file except in compliance with the License.  You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the License for the specific language governing permissions and limitations under the License.",
  "http://purl.org/dc/terms/license": {"@id": "http://www.apache.org/licenses/LICENSE-2.0"},

> 3) Miscellaneous text and html files don't have a license header.
> (Also spring.handlers and spring.schemas.)
> Are these not considered "code?"

Not having checked deeper, but I think the spring.* files can't have
license headers. (They don't even have a newline!)

The spring-files are very small and not copyrightable (does not
achieve Work height) - so it's not a big issue they are missing
headers.

The HTML files should have license headers.  Also I think it's cleaner
to use package-info.java with regular Javadoc instead of package.html


> Examples:
> taverna-activity-archetype...goal.txt,
> taverna-credential-manager...text.html,
> taverna-prov...3a/3a82e39d-a537-40cf-91a0-2c89d4a2e62b.txt
> taverna-prov...greeting.txt
> taverna-prov...mimetype
> taverna-workflowmodel-impl...package.html
> taverna-reference-impl...spring.handlers (and spring.schemas)

Most of these are test resources which must match 1:1 -
documented in the RAT exclusions of pom.xml:

    <exclude>**/*.txt</exclude> <!-- workflow values -->
    <exclude>**/src/main/resources/archetype-resources/</exclude> <!-- Don't want our archetype to generate ASF headers -->
    <exclude>**/META-INF/spring.*</exclude> <!-- Miniscule spring marker files -->
    <exclude>**/workflowrun.json</exclude> <!-- example workflow run report -->


> 4) Files in services subdirectories also do not have license headers. Are
> they exempt?
>
> Examples:
> taverna-credential-manager...services/
> org.apache.taverna.security.credentialmanager.CredentialProviderSPI
> taverna-dataflow-activity.../services/
> net.sf.taverna.t2.workflowmodel.health.HealthChecker

They are also very small (just listing classnames) and so would not be
copyrightable. However they would support a ## style copyright header
which we can add.



Thanks for a thorough check!

-- 
Stian Soiland-Reyes
Apache Taverna (incubating), Apache Commons
http://orcid.org/0000-0001-9842-9718
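
The checksum mix-up at the top of this message (SHA-1 values posted under the MD5 heading) is what a vote-email script would prevent. The sketch below is an added example, not part of the original message or of Taverna's release tooling: it renders the checksum section from the artifacts themselves and re-checks a section before it is sent. The "MD5 checksums:" / "SHA1 checksums:" headings, the function names and the sample file are assumptions.

```python
import hashlib, os, re, tempfile

ALGOS = {"MD5": "md5", "SHA1": "sha1"}  # heading used in the email -> hashlib name

def digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def checksum_block(paths):
    """Render the checksum section of a vote email from the files themselves."""
    out = []
    for label, algo in ALGOS.items():
        out.append(f"{label} checksums:")
        out += [f"{digest(p, algo)}  {os.path.basename(p)}" for p in paths]
        out.append("")
    return "\n".join(out)

def check_block(text, directory):
    """Re-verify a checksum section against files in directory; list problems."""
    problems, label = [], None
    for line in map(str.strip, text.splitlines()):
        head = re.fullmatch(r"(\w+) checksums:", line)
        if head:
            label = head.group(1)
            continue
        entry = re.fullmatch(r"([0-9a-f]+)\s+(\S+)", line)
        if not entry or label not in ALGOS:
            continue
        value, name = entry.groups()
        algo = ALGOS[label]
        # A 40-digit value under "MD5" is the copy-paste slip from this thread.
        if len(value) != 2 * hashlib.new(algo).digest_size:
            problems.append(f"{name}: {len(value)}-digit value listed under {label}")
        elif value != digest(os.path.join(directory, os.path.basename(name)), algo):
            problems.append(f"{name}: {label} mismatch")
    return problems

def demo():
    """Constructed artifact: a good block, then SHA-1 values pasted under MD5."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example-source-release.zip")
        with open(path, "wb") as f:
            f.write(b"constructed sample bytes, not a real release\n")
        good = checksum_block([path])
        pasted_wrong = good.replace(digest(path, "md5"), digest(path, "sha1"))
        return check_block(good, d), check_block(pasted_wrong, d)
```
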
