Hi Vinay
Thanks for driving the release.
Verified checksums and tried building from source.
Everything seems to be working fine.
But I feel the concerns regarding licences are valid.
IMO we should fix them and include HADOOP-16895 too in the release

-Ayush

> On 29-Feb-2020, at 1:45 AM, Vinayakumar B <vinayakum...@apache.org> wrote:
> 
> https://issues.apache.org/jira/browse/HADOOP-16895 jira created for
> handling LICENCE and NOTICEs
> PR also has been raised for a proposal. Please validate
> https://github.com/apache/hadoop-thirdparty/pull/6
> 
> -Vinay
> 
> 
>> On Fri, Feb 28, 2020 at 11:48 PM Vinayakumar B <vinayakum...@apache.org>
>> wrote:
>> 
>> Thanks Elek for detailed verification.
>> 
>> Please find inline replies.
>> 
>> -Vinay
>> 
>> 
>>> On Fri, Feb 28, 2020 at 7:49 PM Elek, Marton <e...@apache.org> wrote:
>>> 
>>> 
>>> Thank you very much to work on this release Vinay, 1.0.0 is always a
>>> hard work...
>>> 
>>> 
>>> 1. I downloaded it and I can build it from the source
>>> 
>>> 2. Checked the signature and the sha512 of the src package and they are
>>> fine
>>> 
>>> 3. Yetus seems to be included in the source package. I am not sure if
>>> it's intentional but I would remove the patchprocess directory from the
>>> tar file.
>>> 
>> Since dev-support/create-release script and assembly file is copied from
>> hadoop-repo, I can find this issue exists in hadoop source release packages
>> as well. ex: I checked 3.1.2 and 2.10 src packages.
>> I will raise a Jira and fix this for both hadoop and thirdparty.
>> 
>>> 4. NOTICE.txt seems to be outdated (I am not sure, but I think the
>>> Export Notice is unnecessary, especially for the source release, also
>>> the note about the bouncycastle and Yarn server is unnecessary).
>>> 
>> Again, NOTICE.txt was copied from Hadoop and kept as is. I will create a
>> jira to decide about NOTICE and LICENSEs
>> 
>>> 5. NOTICE-binary and LICENSE-binary seems to be unused (and they contain
>>> unrelated entries, especially the NOTICE). IMHO
>>> 
>> We can decide in the Jira whether NOTICE-binary and LICENSE-binary to be
>> used or not.
>> 
>>> 6. As far as I understand the binary release in this case is the maven
>>> artifact. IANAL but the original protobuf license seems to be missing
>>> from "unzip -p hadoop-shaded-protobuf_3_7-1.0.0.jar META-INF/LICENSE.txt"
>>> 
>> 
>> I observed that there is one more file "META-INF/DEPENDENCIES" generated
>> by shade plugin, which have reference to shaded artifacts and pointing to
>> link of the original artifact LICENSE. I think this should be sufficient
>> about protobuf's original license.
>> IMO, "META-INF/LICENSE.txt" should point to current project's LICENSE,
>> which in-turn can have contents/pointers of dependents' licenses. Similar
>> approach followed in hadoop-shaded-client jars.
>> 
>> hadoop's artifacts also will be uploaded to maven repo during release,
>> which does not carry all LICENSE files in artifacts. It just says "See
>> licenses/ for text of these licenses" which does not exist in artifact.
>> Maybe we need to fix this too.
>> 
>>> 7. Minor nit: I would suggest to use only the filename in the sha512
>>> files (instead of having the /build/source/target prefix). It would help
>>> to use `sha512 -c` command to validate the checksum.
>>> 
>>> 
>> Again, this is from create-release script. Will update the script.
>> 
>>> Thanks again to work on this,
>>> Marton
>>> 
>>> ps: I am not experienced with licensing enough to judge which one of
>>> these are blocking and I might be wrong.
>>> 
>>> 
>> IMO, none of these should be blocking and can be handled before next
>> release. Still if someone feels this should be fixed and RC should be cut
>> again, I am open to it.
>> 
>> Thanks.
>> 
>>> 
>>> 
>>> On 2/25/20 8:17 PM, Vinayakumar B wrote:
>>>> Hi folks,
>>>> 
>>>> Thanks to everyone's help on this release.
>>>> 
>>>> I have created a release candidate (RC0) for Apache Hadoop Thirdparty
>>>> 1.0.0.
>>>> 
>>>> RC Release artifacts are available at :
>>>> 
>>>> http://home.apache.org/~vinayakumarb/release/hadoop-thirdparty-1.0.0-RC0/
>>>> 
>>>> Maven artifacts are available in staging repo:
>>>> 
>>>> https://repository.apache.org/content/repositories/orgapachehadoop-1258/
>>>> 
>>>> The RC tag in git is here:
>>>> https://github.com/apache/hadoop-thirdparty/tree/release-1.0.0-RC0
>>>> 
>>>> And my public key is at:
>>>> https://dist.apache.org/repos/dist/release/hadoop/common/KEYS
>>>> 
>>>> *This vote will run for 5 days, ending on March 1st 2020 at 11:59 pm
>>>> IST.*
>>>> 
>>>> For the testing, I have verified Hadoop trunk compilation with
>>>>    "-DdistMgmtSnapshotsUrl=https://repository.apache.org/content/repositories/orgapachehadoop-1258/
>>>>    -Dhadoop-thirdparty-protobuf.version=1.0.0"
>>>> 
>>>> My +1 to start.
>>>> 
>>>> -Vinay
>>>> 
>>> 
>> 
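
Added example, not part of the original thread or of Hadoop's create-release script: point 7 above notes that the .sha512 files record a /build/source/target prefix, so a plain `-c` check looks for the artifact at a path that does not exist on the verifier's machine. The function below checks each entry by file name only; the artifact name, the two entry layouts handled (GNU and BSD/--tag) and the use of GNU coreutils sha512sum are assumptions.

```shell
#!/bin/sh
# Added example, not taken from create-release. Assumes GNU coreutils sha512sum.
# verify_sha512 SUMFILE DIR: check each entry of SUMFILE against the file with
# the same basename in DIR, ignoring any recorded directory prefix such as
# /build/source/target. Returns 0 only if every entry matches (and one exists).
verify_sha512() {
  vs_sumfile=$1 vs_dir=$2 vs_seen=0 vs_bad=0
  while IFS= read -r vs_line || [ -n "$vs_line" ]; do
    case $vs_line in
      'SHA512 ('*') = '*)            # BSD / --tag style entry
        vs_path=${vs_line#'SHA512 ('}; vs_path=${vs_path%') = '*}
        vs_want=${vs_line##*') = '} ;;
      *'  '*|*' *'*)                 # GNU style: "<hex>  <path>" or "<hex> *<path>"
        vs_want=${vs_line%% *}; vs_path=${vs_line#* ?} ;;
      *) continue ;;                 # blank or unrelated line
    esac
    vs_seen=1
    vs_name=${vs_path##*/}           # keep only the file name
    vs_want=$(printf '%s' "$vs_want" | tr 'A-F' 'a-f')
    vs_have=missing
    if [ -f "$vs_dir/$vs_name" ]; then
      vs_have=$(sha512sum "$vs_dir/$vs_name" | cut -d' ' -f1)
    fi
    if [ ${#vs_want} -eq 128 ] && [ "$vs_have" = "$vs_want" ]; then
      echo "OK      $vs_name"
    else
      echo "FAILED  $vs_name (recorded as $vs_path)"; vs_bad=1
    fi
  done < "$vs_sumfile"
  [ "$vs_seen" -eq 1 ] && [ "$vs_bad" -eq 0 ]
}

# Constructed sample: an artifact (hypothetical name) and a checksum file
# written with the /build/source/target prefix the thread describes.
demo() {
  d=$(mktemp -d) && f=sample-1.0.0-src.tar.gz
  printf 'constructed artifact bytes\n' > "$d/$f"
  h=$(sha512sum "$d/$f" | cut -d' ' -f1)
  printf '%s  /build/source/target/%s\n' "$h" "$f" > "$d/$f.sha512"
  (cd "$d" && sha512sum -c "$f.sha512" >/dev/null 2>&1) ||
    echo "plain 'sha512sum -c' fails: the prefixed path does not exist here"
  rc=0; verify_sha512 "$d/$f.sha512" "$d" || rc=$?
  rm -rf "$d"; return "$rc"
}
demo
```

A missing file, a malformed digest or an empty checksum file all count as failure, so the function cannot report success without having compared at least one digest.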
