Mike Drob wrote:
Thanks for taking a look, Sean.
The LICENSE file in the source tarball refers to the BSD license and
includes "for details see
core/src/main/java/org/apache/accumulo/core/bloomfilter" and all files
there (BloomFilter.java, DynamicBloomFilter.java, and Filter.java) include
the full 3-Clause BSD license in the header. Similarly, the MIT clause has
"for details see server/monitor/src/main/resources/web/flot" which has a
LICENSE.txt
I have absolutely no idea if this is "sufficient" or not. I can
understand Sean's confusion in not seeing relevant licenses in the
LICENSE file.
Regarding the crypto, according to www.apache.org/dev/crypto.html#inform it
looks like we need to place that disclaimer in the README and not the
NOTICE file anyway. If you prefer this reading of the policy, can you file
a JIRA for making these changes and set it as a blocker? Thanks.
Yeah, NOTICE is not the right place for this, AFAIU. I wouldn't think
this is a blocker, but something we should just remove from the
src-release's NOTICE file.
Mike
On Fri, Jun 17, 2016 at 12:28 PM, Sean Busbey <[email protected]> wrote:
> -1
>
> good:
>
> * verified checksums and signatures
> * source artifact corresponds to referenced commit
> * source builds correctly with Oracle JDK 1.7.0_80 / Apache Maven
> 3.3.9 (including unit tests, not including ITs)
>
> bad:
>
> * LICENSE in source tarball references the "3 clause BSD" and "MIT"
> licenses but does not provide their text or a pointer to where the
> text can be found in the artifact.
> * NOTICE in the binary tarball doesn't include any of the encryption
> notice stuff that's in the source tarball NOTICE (I don't know if this
> information is required in the NOTICE file, but it seems like we
> should be consistent for things that are equally applicable in the
> two).