[ 
https://issues.apache.org/jira/browse/HADOOP-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15283312#comment-15283312
 ] 

Sean Busbey commented on HADOOP-12893:
--------------------------------------

{quote}
My understanding is LICENSE / NOTICE of binary distribution should be a 
superset of source distribution. Is it good enough to have a separate 
binary-distribution-only LICENSE / NOTICE file and we can concat 
binary-distribution-only and source-distribution L/N while releasing?
{quote}

This is not necessarily true, though I haven't done a sufficient review to say 
if it is for Hadoop or not. As an example, one could have some third party code 
bundled in the test sources and produce a binary distribution tarball with no 
test files in it. Similarly, if the main classes include some third party work 
but the tests do not, then the main jar and the test jar would be different 
(which would matter if the test jar is published to Maven).

{quote}
In the L&N we say whether something applies to the binary or the source
distribution. I saw this elsewhere, and it really reduces the POM work
required.
{quote}

I've seen this a few places, but unfortunately it's incorrect. I've been slowly 
working through projects to help correct them, but it's a long slog.

{quote}
I'd like to appeal to a reasonable person standard. We're making a big
effort here to be compliant, and if we do the above, it'll be clear what
does and doesn't apply to each artifact. In the meanwhile, our releases are
blocked.

If additional work really is required, maybe it could also be done as a
follow-on.
{quote}

That's entirely up to the Hadoop PMC. I can certainly understand the reasoning 
of an incremental approach that starts with getting us out of violating the 
licenses of third parties and works towards compliance with ASF Policy.

I would be concerned if "follow-on" turned into "next release" perpetually; 
having releases blocked provides a kind of motivation that little else can. We 
need to end up in a place where everything we distribute meets ASF Policy, but 
folks generally understand that this can take some time.

Keep in mind that release voting is majority, so it might be worth a straw poll 
of how the PMC would vote if a given release met the requirements for third 
party licenses but did not yet meet ASF policy on license notifications.

> Verify LICENSE.txt and NOTICE.txt
> ---------------------------------
>
>                 Key: HADOOP-12893
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12893
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.8.0, 2.7.3, 2.6.5, 3.0.0-alpha1
>            Reporter: Allen Wittenauer
>            Assignee: Xiao Chen
>            Priority: Blocker
>         Attachments: HADOOP-12893.01.patch
>
>
> We have many bundled dependencies in both the source and the binary artifacts 
> that are not in LICENSE.txt and NOTICE.txt.


