https://issues.apache.org/jira/browse/HADOOP-16895 jira created for handling LICENCE and NOTICEs PR also has been raised for a proposal. Please validate https://github.com/apache/hadoop-thirdparty/pull/6
-Vinay On Fri, Feb 28, 2020 at 11:48 PM Vinayakumar B <vinayakum...@apache.org> wrote: > Thanks Elek for detailed verification. > > Please find inline replies. > > -Vinay > > > On Fri, Feb 28, 2020 at 7:49 PM Elek, Marton <e...@apache.org> wrote: > >> >> Thank you very much to work on this release Vinay, 1.0.0 is always a >> hard work... >> >> >> 1. I downloaded it and I can build it from the source >> >> 2. Checked the signature and the sha512 of the src package and they are >> fine >> >> 3. Yetus seems to be included in the source package. I am not sure if >> it's intentional but I would remove the patchprocess directory from the >> tar file. >> >> Since dev-support/create-release script and assembly file is copied from > hadoop-repo, I can find this issue exits in hadoop source release packages > as well. ex: I checked 3.1.2 and 2.10 src packages. > I will raise a Jira and fix this for both hadoop and thirdparty. > > 4. NOTICE.txt seems to be outdated (I am not sure, but I think the >> Export Notice is unnecessary, especially for the source release, also >> the note about the bouncycastle and Yarn server is unnecessary). >> >> Again, NOTICE.txt was copied from Hadoop and kept as is. I will create a > jira to decide about NOTICE and LICENSEs > > 5. NOTICE-binary and LICENSE-binary seems to be unused (and they contain >> unrelated entries, especially the NOTICE). IMHO >> >> We can decide in the Jira whether NOTICE-binary and LICENSE-binary to be > used or not. > > 6. As far as I understand the binary release in this case is the maven >> artifact. IANAL but the original protobuf license seems to be missing >> from "unzip -p hadoop-shaded-protobuf_3_7-1.0.0.jar META-INF/LICENSE.txt" >> > > I observed that there is one more file "META-INF/DEPENDENCIES" generated > by shade plugin, which have reference to shaded artifacts and poniting to > link of the original artifact LICENSE. I think this should be sufficient > about protobuf's original license. > IMO, "META-INF/LICENSE.txt" should point to current project's LICENSE, > which in-turn can have contents/pointers of dependents' licenses. Siimilar > approach followed in hadoop-shaded-client jars. > > hadoop's artifacts also will be uploaded to maven repo during release, > which doesnot carry all LICENSE files in artifacts. It just says "See > licenses/ for text of these licenses" which doesnot exist in artifact. May > be we need to fix this too. > > 7. Minor nit: I would suggest to use only the filename in the sha512 >> files (instead of having the /build/source/target prefix). It would help >> to use `sha512 -c` command to validate the checksum. >> >> > Again, this is from create-release script. will update the script. > > Thanks again to work on this, >> Marton >> >> ps: I am not experienced with licensing enough to judge which one of >> these are blocking and I might be wrong. >> >> > IMO, none of these should be blocking and can be handled before next > release. Still if someone feels this should be fixed and RC should be cut > again, I am open to it. > > Thanks. > >> >> >> On 2/25/20 8:17 PM, Vinayakumar B wrote: >> > Hi folks, >> > >> > Thanks to everyone's help on this release. >> > >> > I have created a release candidate (RC0) for Apache Hadoop Thirdparty >> 1.0.0. >> > >> > RC Release artifacts are available at : >> > >> http://home.apache.org/~vinayakumarb/release/hadoop-thirdparty-1.0.0-RC0/ >> > >> > Maven artifacts are available in staging repo: >> > >> https://repository.apache.org/content/repositories/orgapachehadoop-1258/ >> > >> > The RC tag in git is here: >> > https://github.com/apache/hadoop-thirdparty/tree/release-1.0.0-RC0 >> > >> > And my public key is at: >> > https://dist.apache.org/repos/dist/release/hadoop/common/KEYS >> > >> > *This vote will run for 5 days, ending on March 1st 2020 at 11:59 pm >> IST.* >> > >> > For the testing, I have verified Hadoop trunk compilation with >> > "-DdistMgmtSnapshotsUrl= >> > >> https://repository.apache.org/content/repositories/orgapachehadoop-1258/ >> > -Dhadoop-thirdparty-protobuf.version=1.0.0" >> > >> > My +1 to start. >> > >> > -Vinay >> > >> >