I was wondering if we can consider a maven plugin or some other approach in an automated way that might help us get to avoiding the current situation we have with respect to Category X license.
What are our thoughts on:

- Integrating with a VersionEye OR equivalent stack wherein we use a version eye maven plugin to check for whitelisted / blacklisted licenses maintained in a version eye server
  - If answer is yes, is there an ASF server that we can use for our builds?
- There seems to be a maven plugin that might do this but I have not used it before. Does anyone have any opinion on https://github.com/mrice/license-check ?

Also what is our policy for undeclared licenses in the dependencies? There is the license-maven-plugin from codehaus that lists these as “THIRD-PARTY” dependencies and can generate a report (but cannot be used to break a build if a category x license is introduced as a PR)

Regards,
Ananth

> On 2 Nov 2017, at 6:10 am, Vlad Rozov <vro...@apache.org> wrote:
>
> It does not matter whether sql (and demos) is part of the main profile or not. It is a source release, not a binary release and source includes all profiles.
>
> Thank you,
>
> Vlad
>
> On 11/1/17 11:50, Pramod Immaneni wrote:
>> Vlad can you add this command to the release instructions and the committer guidelines. If we are unable to address this for this release, we can consider moving examples to all-modules, sql is already not in the main profile.
>>
>> On Mon, Oct 30, 2017 at 7:23 PM, Vlad Rozov <vro...@apache.org> wrote:
>>
>>> The following command may help to identify dependencies:
>>>
>>> find . -name DEPENDENCIES -print | xargs grep -n License: | grep -vE "Apache|CDDL|MIT|BSD|ASF|Public Domain|Eclipse Public License|Mozilla Public|Common Public|apache.org"
>>>
>>> Thank you,
>>>
>>> Vlad
>>>
>>> On 10/28/17 20:19, Ananth G wrote:
>>>
>>>> Before we proceed with the release, could I please get some thoughts on the following JIRAs that need resolution. If we can move some of these out of 3.8.0 to the next release, then I can proceed with the release instructions.
>>>>
>>>> There are two JIRAs that are marked 3.8.0 and not yet resolved:
>>>>
>>>> - https://issues.apache.org/jira/browse/APEXMALHAR-2461 (This is the one that Vlad raised below about Category X dependencies)
>>>> - https://issues.apache.org/jira/browse/APEXMALHAR-2498 (Kafka Tests being flaky)
>>>>
>>>> The following is marked as “In progress”
>>>> - https://issues.apache.org/jira/browse/APEXMALHAR-2462 : This I believe was kept in progress by Thomas for some follow up tasks and hence I believe we can move it to post 3.8.0 release?
>>>>
>>>> @Vlad: Regarding APEXMALHAR-2461, How are you generating the license reports? I have tried using license-maven-plugin (from codehaus) and it does generate a report but there is nothing which provides a report based on the violations (and hence being forced to open each project under examples and comparing it with the licenses list from the allowed licenses link that you provided in the mailing list a few days back). Is there a more optimal way to see the current list of violations in a concise way?
>>>>
>>>> Regards,
>>>> Ananth
>>>>
>>>> On 27 Oct 2017, at 5:53 am, Tushar Gosavi <tus...@datatorrent.com> wrote:
>>>>> Hi Vlad,
>>>>>
>>>>> As far as I remember, I had access to staging maven area while doing previous apex release. You will need to update .m2/settings.xml with apache credential to access the maven repository.
>>>>>
>>>>> Regards,
>>>>> -Tushar.
>>>>>
>>>>> On Thu, Oct 26, 2017 at 11:02 PM, Vlad Rozov <vro...@apache.org> wrote:
>>>>>
>>>>>> Please send your PGP public key to one of PMC members to be added to KEYS. I don't remember if only PMC have access to staging Apache maven, it may be the case.
>>>>>> Tushar, did you have write access to the staging Apache maven when you did the release?
>>>>>>
>>>>>> What do we do with https://issues.apache.org/jira/browse/APEXMALHAR-2461?
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Vlad
>>>>>>
>>>>>> On 10/25/17 15:28, Ananth G wrote:
>>>>>>
>>>>>>> I would like to volunteer to be the release manager for this. Given I have not done this before I might have a few questions along the way in the mailing list.
>>>>>>>
>>>>>>> A couple of questions regarding the release process:
>>>>>>>
>>>>>>> - In the link https://apex.apache.org/release.html , in the section titled “Build and deploy release candidate” there is a mention of adding GPG keys.
>>>>>>>   - Is it mandatory for the release manager gpg public key to be present in the list
>>>>>>>   - If it is how do I get my key added to that list
>>>>>>> - In the same section of the above link there is a mention of configuring the server apache.staging.https in the maven settings file.
>>>>>>>   - I am not able to reach this server? Is this expected?
>>>>>>>   - The userid and password to be configured are our committer ids?
>>>>>>>
>>>>>>> Regards
>>>>>>> Ananth
>>>>>>>
>>>>>>> On 26 Oct 2017, at 4:04 am, Ananth G <ananthg.a...@gmail.com> wrote:
>>>>>>>
>>>>>>>> +1 for malhar release.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Ananth
>>>>>>>>
>>>>>>>> On 26 Oct 2017, at 3:20 am, Bhupesh Chawda <bhup...@datatorrent.com> wrote:
>>>>>>>>>
>>>>>>>>> +1 for malhar release
>>>>>>>>>
>>>>>>>>> ~ Bhupesh
>>>>>>>>>
>>>>>>>>> _______________________________________________________
>>>>>>>>>
>>>>>>>>> Bhupesh Chawda
>>>>>>>>>
>>>>>>>>> E: bhup...@datatorrent.com | Twitter: @bhupeshsc
>>>>>>>>>
>>>>>>>>> www.datatorrent.com | apex.apache.org
>>>>>>>>>
>>>>>>>>> On Wed, Oct 25, 2017 at 9:37 PM, Chinmay Kolhatkar <chin...@datatorrent.com> wrote:
>>>>>>>>>
>>>>>>>>>> +1.
>>>>>>>>>>
>>>>>>>>>> - Chinmay.
>>>>>>>>>>
>>>>>>>>>> On 25 Oct 2017 9:20 pm, "Chaitanya Chebolu" <chaita...@datatorrent.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> +1 on new release.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Oct 25, 2017 at 9:09 PM, Vlad Rozov <vro...@apache.org> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> +1.
>>>>>>>>>>>>
>>>>>>>>>>>> Thank you,
>>>>>>>>>>>>
>>>>>>>>>>>> Vlad
>>>>>>>>>>>>
>>>>>>>>>>>> On 10/25/17 08:21, Amol Kekre wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> +1 on a new malhar release.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thks,
>>>>>>>>>>>>> Amol
>>>>>>>>>>>>>
>>>>>>>>>>>>> E:a...@datatorrent.com | M: 510-449-2606 | Twitter: @*amolhkekre*
>>>>>>>>>>>>>
>>>>>>>>>>>>> www.datatorrent.com
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Tue, Oct 24, 2017 at 9:12 PM, Tushar Gosavi <tus...@datatorrent.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> +1 on creating a new malhar release.
>>>>>>>>>>>>>> - Tushar.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, Oct 25, 2017 at 4:39 AM, Pramod Immaneni <pra...@datatorrent.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> +1 on creating a new release.
>>>>>>>>>>>>>>> I, unfortunately, do not have the time currently to participate in the release activities.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Mon, Oct 23, 2017 at 7:15 PM, Thomas Weise <t...@apache.org> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> The last release was back in March, there are quite a few JIRAs that have been completed since and should be released.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> https://issues.apache.org/jira/issues/?jql=fixVersion%20%3D%203.8.0%20AND%20project%20%3D%20APEXMALHAR%20ORDER%20BY%20status%20ASC
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> From looking at the list there is nothing that should stand in the way of a release?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Also, once the release is out it would be a good opportunity to effect the major version change.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Anyone interested to be the release manager?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>> Thomas
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Chaitanya*
>>>>>>>>>>>
>>>>>>>>>>> Software Engineer
>>>>>>>>>>>
>>>>>>>>>>> E: chaita...@datatorrent.com | Twitter: @chaithu1403
>>>>>>>>>>>
>>>>>>>>>>> www.datatorrent.com | apex.apache.org
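
An added example, not part of the thread or of the Apex build: a shell function that turns the find/grep command quoted above into a check that can fail a build, which is what the question about breaking a build on a Category X license asks for. It goes slightly beyond the quoted command by matching the allow-list against the license text only; the sample DEPENDENCIES files and the org.example artifacts are constructed, and the layout of the License: lines is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Allow-list copied from the quoted command.
ALLOWED='Apache|CDDL|MIT|BSD|ASF|Public Domain|Eclipse Public License|Mozilla Public|Common Public|apache.org'

# check_licenses DIR
# Prints file:line: license for every "License:" entry under DIR whose text
# does not match ALLOWED. Returns 0 when there are none, 1 otherwise.
check_licenses() {
    dir=${1:-.}
    # The pattern is applied to the license text only, so a directory name
    # such as "BSD-port" cannot hide a violation the way it can when the
    # whole "path:line:text" output of grep -n is filtered.
    violations=$(find "$dir" -name DEPENDENCIES -exec awk -v allowed="$ALLOWED" '
        /^[ \t]*License:/ {
            text = $0
            sub(/^[ \t]*License:[ \t]*/, "", text)
            # An empty (undeclared) license never matches and is reported.
            if (text !~ allowed) printf "%s:%d: %s\n", FILENAME, FNR, text
        }' {} +)
    if [ -n "$violations" ]; then
        printf 'Licenses outside the allow-list:\n%s\n' "$violations" >&2
        return 1
    fi
    return 0
}

# Constructed sample data in the assumed layout of a generated DEPENDENCIES
# file (hypothetical artifacts under org.example).
write_sample() {
    mkdir -p "$1/ok" "$1/BSD-port"
    cat > "$1/ok/DEPENDENCIES" <<'EOF'
  - Example Lib A (http://example.invalid/a) org.example:lib-a:jar:1.0
    License: Apache License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
EOF
    cat > "$1/BSD-port/DEPENDENCIES" <<'EOF'
  - Example Lib B (http://example.invalid/b) org.example:lib-b:jar:2.1
    License: GNU General Public License, version 2  (http://www.gnu.org/licenses/gpl-2.0.html)
  - Example Lib C (http://example.invalid/c) org.example:lib-c:jar:0.3
    License:
EOF
}
```

Calling check_licenses on the source tree after the DEPENDENCIES files have been generated, and exiting non-zero when it returns 1, makes the report a build gate. A dependency that has no License: line at all is not seen by this check.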