On 02/07/12 19:17, Simone Tripodi wrote:
Hi all Any23 people,
Good to see this!
I am writing today to open a VOTE to release Apache Any23
0.7.0-incubating. This is the first incubating release ever of the
Any23 podling.
Some of you have more experience of reviewing than I do so there is also
an element of "reviewing the reviewer" :-)
I have an IPMC binding vote so we can get enough here but I still think
that external review, however "robust" it might be, is a good thing.
== Major 1 (DERI)
The original code is from DERI and the few original files I checked did
not have a copyright statement but the Googlecode has:
[[
Copyright 2008-2011 Digital Enterprise Research Institute (DERI)
]]
I think this should be in NOTICE everywhere including jars.
(I hope any contributions at Googlecode have been tracked.)
== Major 2 (server-embedded and server)
LICENSE and NOTICE for server(-embedded) are minimal Apache. They
should include the information about the packaged and shipped binaries.
== Major 3 (recursive NOTICE)
Where binaries are shipped, don't we need to ship the recursive
NOTICE/LICENSE from the shipped binaries?
== Major 4 (WAR files)
NOTICE/LICENSE files in the WAR files don't cover the included binaries.
(and the N&L in the associated directories aren't always complete).
SVN source tag (r1356297):
https://svn.apache.org/repos/asf/incubator/any23/tags/any23-0.7.0-incubating/
Staging repo:
https://repository.apache.org/content/repositories/orgapacheany23-005/
Binaries & Source release, checksums and signatures are available at
the same location
== dist/
What is the plan for the /dist/incubator/any23 area?
It would be good to have a proposed dist area as part of the vote. I
know many maven-releasing projects skip this (then forget to put dist
up!) but it is better to have a mocked up dist on people.apache.org:~user.
We seem to be aiming for a flat directory of files, no split of
binaries/ and source/.
Staging site:
http://incubator.apache.org/any23/0.7.0-incubating
== Site
I see links directly into this from the web site but what about the
source release? Also, this should be to mirror scripts, not direct
links to links on to w.a.o/dist/ (although frankly the load put on by
small projects is probably trivial).
PGP release keys (signed using 19FEA27D):
http://www.apache.org/dist/incubator/any23/KEYS
== checking
I get a warning but otherwise this is OK:
gpg --verify any23-sources-dist-0.7.0-incubating-src.zip.asc
gpg: Signature made Mon Jul 2 16:23:39 2012 BST using DSA key ID 19FEA27D
gpg: Good signature from "Simone Tripodi (simonetripodi)
<[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
- - - - - - - - - - - - - - - - - - - - - - - - -
==== any23-sources-dist-0.7.0-incubating-src
checking done:
1/ Downloaded any23-sources-dist-0.7.0-incubating-src
2/ Checked .asc
3/ Unpacked and poked around.
This unpacks into a directory of a different name :
apache-any23-0.7.0-incubating/
But this is also used when I unpack core. Different would be better
IMHO - some files like LICENSE and NOTICE overwrite.
== LICENSE & NOTICE:
Q1/ What about the original codebase? Even if software granted, isn't
it (c) the original creator? It would be safer to include in NOTICE a
line to this affect as if the copyright notice had been moved (I know
the DERI contribution did not have copyrights on all the files but they
are still copyright'ed).
Q2/ How much "based on" Sesame is the NQuads parser?
A bit of random poking around:
core/src/test/resources/html/rdfa/base-handling.html:
(c) DERI
Lots of the microformats file have copyrights on them which are not
mentioned in NOTICE
e.g.
core/src/test/resources/microformats/hlisting/kelkoo-full.html
==> Copyright Yahoo
core/src/test/resources/microformats/hcard/infinite-loop.html
==> Copyright Adobe
apache-any23-0.7.0-incubating/service/src/main/webapp/resources/simplePopup/jquery-1.4.2.js
==> JQuery : copyright John Resig and also Dojo foundation.
And this could do with at least the one line ASF header
apache-any23-0.7.0-incubating/core/src/test/resources/application/nquads/test1.nq
and this is quite large:
apache-any23-0.7.0-incubating/core/src/test/resources/application/nquads/test2.nq
and would not be harmed by the full license header.
4/ mvn clean test
Works - quite a lot of output.
- - - - - - - - - - - - - - - - - - - - - - - - -
==== any23-core-0.7.0-incubating-bin.zip
Comments about DERI copyright apply.
1/
[[ LICENSE.txt
The Apache Any23 distribution packages include a number of dependencies
with separate copyright notices and license terms. Your use of the
source code for the these dependencies is subject to the terms and
conditions of the following licenses.
]]
"source code" - we're shipping binaries.
2/
NOTICE:
As we're shipping binaries, any of the Apache items may need recursively
inclusions:
example:
----------
Apache Xerces Java
Copyright 1999-2011, 2012 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
Portions of this software were originally based on the following:
- software copyright (c) 1999, IBM Corporation., http://www.ibm.com.
- software copyright (c) 1999, Sun Microsystems., http://www.sun.com.
- voluntary contributions made by Paul Eng on behalf of the
Apache Software Foundation that were originally developed at
iClick, Inc., software copyright (c) 1999.
----------
3/ (Minor)
README says:
[[
Add M2 environment variable to your path, e.g. export PATH=$ANY23:$PATH
]]
Is M2 a typo for ANY23?
- - - - - - - - - - - - - - - - - - - - - - - - -
==== apache-any23-service-0.7.0-incubating-server-embedded/
LICENSE and NOTICE look incomplete: no mention of any shipped binaries
They look right in apache-any23-service-0.7.0-incubating though.
For example: Jetty is not mentioned and includes other stuff:
---------
Jetty Web Container
Copyright 1995-2012 Mort Bay Consulting Pty Ltd.
under the Apache 2.0 License.
The Jetty Web Container includes:
UnixCrypt.java
Copyright 1996 Aki Yoshida,
modified April 2001 by Iris Van den Broeke, Daniel Deville.
---------
Minor:
README.txt:
The maven timestamp bug bites again?
-----
Apache Any23 Service (tags/any23-0.7.0-incubating/service@r1356282;
${maven.build.timestamp})
-----
(you have to assign it to a property to get it to work IIRC - or the
file was not filtered).
- - - - - - - - - - - - - - - - - - - - - - - - -
== apache-any23-service-0.7.0-incubating-server
As embbeded : minimal LICENSE and NOTICE but no mention of included
binaries.
- - - - - - - - - - - - - - - - - - - - - - - - -
== apache-any23-service-0.7.0-incubating-without-deps
NOTICE/LICENSE files don't cover WAR file contents. This may apply
elsewhere.
== WAR files.
The war file contains jquery.
Simple Popup needs some kind of license.
NOTICE/LICENSE files in the WAR files don't cover the included binaries.
Vote will be o
pen for at least 72 hours and will close approximately
on Thru 5th at ~6pm GMT
So please PPMCS, committers and users... cast your votes!
Andy
