I was wondering if we can consider a maven plugin or some other approach in an 
automated way that might help us get to avoiding the current situation we have 
with respect to Category X license.. 


What are our thoughts on :

- Integrating with a VersionEye OR  equivalent stack wherein we use a version 
eye maven plugin to check for whitelisted / blacklisted licenses maintained in 
a version eye server 
- If answer is yes,  is there an ASF server that we can use for our builds ? 
- There seems to be a maven plugin that might do this but I have not used it 
before. Does anyone have any opinion on https://github.com/mrice/license-check 
<https://github.com/mrice/license-check> ? 

Also what is our policy for undeclared licenses in the dependencies ? There is 
the license-maven-plugin from codehaus that lists these as “THIRD-PARTY” 
dependencies and can generate a report ( but cannot be used to break a build if 
a category x license is introduced as a PR )


Regards,
Ananth 


> On 2 Nov 2017, at 6:10 am, Vlad Rozov <vro...@apache.org> wrote:
> 
> It does not matter whether sql (and demos) is part of the main profile or 
> not. It is a source release, not a binary release and source includes all 
> profiles.
> 
> Thank you,
> 
> Vlad
> 
> On 11/1/17 11:50, Pramod Immaneni wrote:
>> Vlad can you add this command to the release instructions and the committer
>> guidelines. If we are unable to address this for this release, we can
>> consider moving examples to all-modules, sql is already not in the main
>> profile.
>> 
>> On Mon, Oct 30, 2017 at 7:23 PM, Vlad Rozov <vro...@apache.org> wrote:
>> 
>>> The following command may help to identify dependencies:
>>> 
>>> find . -name DEPENDENCIES -print | xargs grep -n License: | grep -vE
>>> "Apache|CDDL|MIT|BSD|ASF|Public Domain|Eclipse Public License|Mozilla
>>> Public|Common Public|apache.org"
>>> 
>>> Thank you,
>>> 
>>> Vlad
>>> 
>>> On 10/28/17 20:19, Ananth G wrote:
>>> 
>>>> Before we proceed with the release, could I please get some thoughts on
>>>> the following JIRAs that need resolution. If we can move some of these out
>>>> of 3.8.0 to the next release , then I can proceed with the release
>>>> instructions.
>>>> 
>>>> There are two JIRAs that are marked 3.8.0 and not yet resolved:
>>>> 
>>>> - https://issues.apache.org/jira/browse/APEXMALHAR-2461 <
>>>> https://issues.apache.org/jira/browse/APEXMALHAR-2461> (This is the one
>>>> that Vlad raised below about Category X dependencies )
>>>> - https://issues.apache.org/jira/browse/APEXMALHAR-2498 <
>>>> https://issues.apache.org/jira/browse/APEXMALHAR-2498> (Kafka Tests
>>>> being flaky )
>>>> 
>>>> The following is marked as “In progress”
>>>> - https://issues.apache.org/jira/browse/APEXMALHAR-2462 <
>>>> https://issues.apache.org/jira/browse/APEXMALHAR-2462> : This I believe
>>>> was kept in progress by Thomas for some follow up tasks and hence I believe
>>>> we can move it to post 3.8.0 release ?
>>>> 
>>>> 
>>>> @Vlad: Regarding APEXMALHAR-2461, How are you generating the license
>>>> reports ? I have tried using license-maven-plugin ( from codehaus ) and it
>>>> does generate a report but there is nothing which provides a report based
>>>> on the violations ( and hence being forced to open each project under
>>>> examples and comparing it with the licenses list from the allowed licenses
>>>> link that you provided in the mailing list a few days back). Is there a
>>>> more optimal way to see the current list of violations in a concise way ?
>>>> 
>>>> Regards,
>>>> Ananth
>>>> 
>>>> On 27 Oct 2017, at 5:53 am, Tushar Gosavi <tus...@datatorrent.com> wrote:
>>>>> Hi Vlad,
>>>>> 
>>>>> As far as I remember, I had access to staging maven area while doing
>>>>> previous apex release. You will need to update .m2/settings.xml with
>>>>> apache
>>>>> credential to access the maven repository.
>>>>> 
>>>>> Regards,
>>>>> -Tushar.
>>>>> 
>>>>> 
>>>>> On Thu, Oct 26, 2017 at 11:02 PM, Vlad Rozov <vro...@apache.org> wrote:
>>>>> 
>>>>> Please send your PGP public key to one of PMC members to be added to
>>>>>> KEYS.
>>>>>> I don't remember if only PMC have access to staging Apache maven, it
>>>>>> may be
>>>>>> the case. Tushar, did you have write access to the staging Apache maven
>>>>>> when you did the release?
>>>>>> 
>>>>>> What do we do with https://issues.apache.org/jira
>>>>>> /browse/APEXMALHAR-2461?
>>>>>> 
>>>>>> Thank you,
>>>>>> 
>>>>>> Vlad
>>>>>> 
>>>>>> 
>>>>>> On 10/25/17 15:28, Ananth G wrote:
>>>>>> 
>>>>>> I would like to volunteer to be the release manager for this. Given I
>>>>>>> have not done this before I might have a few questions along the way
>>>>>>> in the
>>>>>>> mailing list.
>>>>>>> 
>>>>>>> A couple of questions regarding the release process:
>>>>>>> 
>>>>>>> - In the link https://apex.apache.org/release.html , in the section
>>>>>>> titled “Build and deploy release candidate” there is a mention of
>>>>>>> adding
>>>>>>> GPG keys.
>>>>>>>          - Is it mandatory for the release manager gpg public key to be
>>>>>>> present in the list
>>>>>>>          - If it is how do I get my key added to that list
>>>>>>> - In the same section of the above link there is a mention of
>>>>>>> configuring
>>>>>>> the server apache.staging.https in the maven settings file.
>>>>>>>          - I am not able to reach this server ? Is this expected?
>>>>>>>          - The userid and password to be configured are our committer
>>>>>>> ids
>>>>>>> ?
>>>>>>> 
>>>>>>> Regards
>>>>>>> Ananth
>>>>>>> 
>>>>>>> On 26 Oct 2017, at 4:04 am, Ananth G <ananthg.a...@gmail.com> wrote:
>>>>>>> 
>>>>>>>> +1 for malhar release.
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Regards,
>>>>>>>> Ananth
>>>>>>>> 
>>>>>>>> On 26 Oct 2017, at 3:20 am, Bhupesh Chawda <bhup...@datatorrent.com>
>>>>>>>> 
>>>>>>>>> wrote:
>>>>>>>>> 
>>>>>>>>> +1 for malhar release
>>>>>>>>> 
>>>>>>>>> ~ Bhupesh
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> _______________________________________________________
>>>>>>>>> 
>>>>>>>>> Bhupesh Chawda
>>>>>>>>> 
>>>>>>>>> E: bhup...@datatorrent.com | Twitter: @bhupeshsc
>>>>>>>>> 
>>>>>>>>> www.datatorrent.com  |  apex.apache.org
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> 
>>>>>>>>> On Wed, Oct 25, 2017 at 9:37 PM, Chinmay Kolhatkar <
>>>>>>>>> chin...@datatorrent.com>
>>>>>>>>> wrote:
>>>>>>>>> 
>>>>>>>>> +1.
>>>>>>>>> 
>>>>>>>>>> - Chinmay.
>>>>>>>>>> 
>>>>>>>>>> On 25 Oct 2017 9:20 pm, "Chaitanya Chebolu" <
>>>>>>>>>> chaita...@datatorrent.com
>>>>>>>>>> wrote:
>>>>>>>>>> 
>>>>>>>>>> +1 on new release.
>>>>>>>>>> 
>>>>>>>>>>> Thanks,
>>>>>>>>>>> 
>>>>>>>>>>> On Wed, Oct 25, 2017 at 9:09 PM, Vlad Rozov <vro...@apache.org>
>>>>>>>>>>> 
>>>>>>>>>>>> wrote:
>>>>>>>>>>>> 
>>>>>>>>>>>> +1.
>>>>>>>>>>>> 
>>>>>>>>>>>> Thank you,
>>>>>>>>>>>> 
>>>>>>>>>>>> Vlad
>>>>>>>>>>>> 
>>>>>>>>>>>> 
>>>>>>>>>>>> On 10/25/17 08:21, Amol Kekre wrote:
>>>>>>>>>>>> 
>>>>>>>>>>>>> +1 on a new malhar release.
>>>>>>>>>>>>> 
>>>>>>>>>>>>> Thks,
>>>>>>>>>>>>> Amol
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> E:a...@datatorrent.com | M: 510-449-2606 | Twitter:
>>>>>>>>>>>>> @*amolhkekre*
>>>>>>>>>>>>> 
>>>>>>>>>>>>> www.datatorrent.com
>>>>>>>>>>>>> 
>>>>>>>>>>>>> 
>>>>>>>>>>>>> On Tue, Oct 24, 2017 at 9:12 PM, Tushar Gosavi <
>>>>>>>>>>>>> 
>>>>>>>>>>>>> tus...@datatorrent.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>> 
>>>>>>>>>>>> +1 on creating a new malhar release.
>>>>>>>>>>>>> - Tushar.
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> On Wed, Oct 25, 2017 at 4:39 AM, Pramod Immaneni <
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> pra...@datatorrent.com
>>>>>>>>>>>> wrote:
>>>>>>>>>>>> 
>>>>>>>>>>>>> +1 on creating a new release. I, unfortunately, do not have the
>>>>>>>>>>>>>> time
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> currently to participate in the release activities.
>>>>>>>>>>>>>>> On Mon, Oct 23, 2017 at 7:15 PM, Thomas Weise <t...@apache.org>
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>> The last release was back in March, there are quite a few JIRAs
>>>>>>>>>>> that
>>>>>>>>>>> 
>>>>>>>>>>>> have
>>>>>>>>>>>>>>> been completed since and should be released.
>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>> https://issues.apache.org/jira/issues/?jql=fixVersion%
>>>>>>>>>>>>>>>> 20%3D%203.8.0%20AND%20project%20%3D%20APEXMALHAR%20ORDER%
>>>>>>>>>>>>>>>> 20BY%20status%20ASC
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>>  From looking at the list there is nothing that should stand
>>>>>>>>>>>>>>>> in
>>>>>>>>>>>>>>>> the
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> way
>>>>>>>>>>>>>> of a
>>>>>>>>>>>>> release?
>>>>>>>>>>>>>>>> Also, once the release is out it would be a good opportunity
>>>>>>>>>>>>>>>> to
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> effect
>>>>>>>>>>>>>> the
>>>>>>>>>>>>> major version change.
>>>>>>>>>>>>>>>> Anyone interested to be the release manager?
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>> Thomas
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> 
>>>>>>>>>>>>>>>> --
>>>>>>>>>>> *Chaitanya*
>>>>>>>>>>> 
>>>>>>>>>>> Software Engineer
>>>>>>>>>>> 
>>>>>>>>>>> E: chaita...@datatorrent.com | Twitter: @chaithu1403
>>>>>>>>>>> 
>>>>>>>>>>> www.datatorrent.com  |  apex.apache.org
>>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>>> 
> 

Reply via email to