On 11/06/2011 07:22 AM, Suresh Marru wrote:
For instance, Axis2 in its binary distribution mentioned "Please read the different
LICENSE files present in the lib directory of this distribution." And the lib
directory has a license file for most of the jars. Is this acceptable?
Right.
IMO Axis2 is not following the recommended or even required rules.
These rules however haven't been always that clear, and plenty of projects are
still using old, now outdated rules for this.
However for the Incubator, these rules have been made more clear and that is
what we should follow.
Note: these rules are not Incubator specific (although some others like for the
DISCLAIMER file is), its just that the Incubator is more strict on doing 'the
right thing'.
Alternatively, do you recommend the rave binary distribution approach:
NOTICE says "This product includes unmodified, binary redistributions of
software (AspectJ) developed for the Eclipse Foundation
(http://www.eclipse.org/aspectj), which is licensed under the Eclipse Public License.
An original copy of the license can be found at
http://eclipse.org/legal/epl-v10.html"; and the LICENSE file concatenates the
full EPL.
Yes.
Rave tries to follow the rules as good as possible, as should every (incubator
or not) Apache project.
Thanks,
Suresh
On Nov 6, 2011, at 7:12 AM, Suresh Marru wrote:
Hi Ate,
Thank you very much for reviewing and early feedback. This really helps to sort
out things before the formal vote which is still waiting on fixing the nexus
setup. As for the LICENSE and NOTICE files, I was lost reading too many release
guides. Your discussion on rave-dev list (http://goo.gl/v482T) helped me clear
up the confusion. Can you please verify if I understood the following correctly:
1) We will need to maintain two sets of LICENSE and NOTICE files. Since
airavata source does not have any external code in the source tree, the LICENSE
and NOTICE files within the root of source should remove mentioning of all
third party delegates and only should have ASF V2. Is this correct?
2) The binary distribution should have a different set of LICENSE and NOTICE
files. Since at build time, we pull in multiple jars in package them up, the
binary distribution should actually have all the licenses of the dependent jars
explicitly mentioned.
3) If we have multiple jars of same license, can we just name multiple
dependencies and the license/notice or should we explicitly spell out each one
separately?
If 2 is correct, can you please point me to a good reference (preferably java
project which bundles jars in distribution)? I tried to follow, https, axis2
and ODE examples. To my own surprise, in comparison, Airavata has fairly large
dependent jars (making the binary distribution 200MB). The diverse features may
be the reason, but that still not an excuse and this is something we need to
work in the future releases to closely analyze all dependencies and strip off
the ones which are really not needed or have redundant implementations.
Thanks,
Suresh
On Nov 6, 2011, at 4:48 AM, Ate Douma wrote:
Hi Suresh,
While I haven't checked out the code yet I noticed a first issue right up with
regards to the LICENSE and NOTICE files.
Currently these files 'delegate' to 3rd party LICENSE/NOTICE files embedded in
bundled artifacts. However, this is not according to the Apache rules and will
likely result in down voting this release if put up for vote.
Please use and follow the instructions and guidelines as given in the Incubator
Release Management Guideline [1] and specifically [2] for this.
[1] http://incubator.apache.org/guides/releasemanagement.html
[2]
http://incubator.apache.org/guides/releasemanagement.html#best-practice-license
Kind regards,
Ate
On 11/05/2011 06:53 PM, Suresh Marru wrote:
Discussion thread for vote on airavata 0.1-incubating release candidate.
Since we are waiting on the nexus setup for the formal vote, I am sending the
details ahead. So please continue testing and discuss results.
Detailed change log/release notes:
https://svn.apache.org/repos/asf/incubator/airavata/tags/0.1-incubating/RELEASE_NOTES
SVN source tag (r1198113):
https://svn.apache.org/repos/asf/incubator/airavata/tags/0.1-incubating/
Maven staging repo:
TODO
Source release:
http://people.apache.org/builds/incubator/airavata/0.1-incubating/apache-airavata-0.1-incubating-source.tar.gz
http://people.apache.org/builds/incubator/airavata/0.1-incubating/apache-airavata-0.1-incubating-source.zip
Binary Artifacts
http://people.apache.org/builds/incubator/airavata/0.1-incubating/apache-airavata-0.1-incubating-bin.tar.gz
http://people.apache.org/builds/incubator/airavata/0.1-incubating/apache-airavata-0.1-incubating-bin.zip
PGP release keys (signed using 617DDBAD):
https://svn.apache.org/repos/asf/incubator/airavata/KEYS
If you have any questions or feedback or to post results of validating the
release, please reply to this thread.
For reference, the Apache release guide -
http://www.apache.org/dev/release.html
Incubator specific release guidelines -
http://incubator.apache.org/guides/releasemanagement.html
Some tips to validate the release before you vote:
* Download the binary version and run the 5 minute or 10 minute tutorial as
described in README and website.
* Download the source files from compressed files and release tag and build
(which includes tests).
* Verify the distributon for the required LICENSE, NOTICE and DISCLAIMER files
* Verify if all the staged files are signed and the signature is verifiable.
* Verify if the signing key in the project's KEYS file is hosted on a public
server
Thanks for your time in validating the release and voting,
Suresh
