Adding it to maven build would be fine. For custom license types that are not in the well know approved list or don't fall into category x, would it be possible to maintain a whitelist with any of the tools you mentioned? Also, do we want to allow category x licenses for any optional components *if* there are no suitable alternatives?
On Wed, Nov 1, 2017 at 12:34 PM, Ananth G <ananthg.a...@gmail.com> wrote: > I was wondering if we can consider a maven plugin or some other approach > in an automated way that might help us get to avoiding the current > situation we have with respect to Category X license.. > > > What are our thoughts on : > > - Integrating with a VersionEye OR equivalent stack wherein we use a > version eye maven plugin to check for whitelisted / blacklisted licenses > maintained in a version eye server > - If answer is yes, is there an ASF server that we can use for our builds > ? > - There seems to be a maven plugin that might do this but I have not used > it before. Does anyone have any opinion on https://github.com/mrice/ > license-check <https://github.com/mrice/license-check> ? > > Also what is our policy for undeclared licenses in the dependencies ? > There is the license-maven-plugin from codehaus that lists these as > “THIRD-PARTY” dependencies and can generate a report ( but cannot be used > to break a build if a category x license is introduced as a PR ) > > > Regards, > Ananth > > > > On 2 Nov 2017, at 6:10 am, Vlad Rozov <vro...@apache.org> wrote: > > > > It does not matter whether sql (and demos) is part of the main profile > or not. It is a source release, not a binary release and source includes > all profiles. > > > > Thank you, > > > > Vlad > > > > On 11/1/17 11:50, Pramod Immaneni wrote: > >> Vlad can you add this command to the release instructions and the > committer > >> guidelines. If we are unable to address this for this release, we can > >> consider moving examples to all-modules, sql is already not in the main > >> profile. > >> > >> On Mon, Oct 30, 2017 at 7:23 PM, Vlad Rozov <vro...@apache.org> wrote: > >> > >>> The following command may help to identify dependencies: > >>> > >>> find . -name DEPENDENCIES -print | xargs grep -n License: | grep -vE > >>> "Apache|CDDL|MIT|BSD|ASF|Public Domain|Eclipse Public License|Mozilla > >>> Public|Common Public|apache.org" > >>> > >>> Thank you, > >>> > >>> Vlad > >>> > >>> On 10/28/17 20:19, Ananth G wrote: > >>> > >>>> Before we proceed with the release, could I please get some thoughts > on > >>>> the following JIRAs that need resolution. If we can move some of > these out > >>>> of 3.8.0 to the next release , then I can proceed with the release > >>>> instructions. > >>>> > >>>> There are two JIRAs that are marked 3.8.0 and not yet resolved: > >>>> > >>>> - https://issues.apache.org/jira/browse/APEXMALHAR-2461 < > >>>> https://issues.apache.org/jira/browse/APEXMALHAR-2461> (This is the > one > >>>> that Vlad raised below about Category X dependencies ) > >>>> - https://issues.apache.org/jira/browse/APEXMALHAR-2498 < > >>>> https://issues.apache.org/jira/browse/APEXMALHAR-2498> (Kafka Tests > >>>> being flaky ) > >>>> > >>>> The following is marked as “In progress” > >>>> - https://issues.apache.org/jira/browse/APEXMALHAR-2462 < > >>>> https://issues.apache.org/jira/browse/APEXMALHAR-2462> : This I > believe > >>>> was kept in progress by Thomas for some follow up tasks and hence I > believe > >>>> we can move it to post 3.8.0 release ? > >>>> > >>>> > >>>> @Vlad: Regarding APEXMALHAR-2461, How are you generating the license > >>>> reports ? I have tried using license-maven-plugin ( from codehaus ) > and it > >>>> does generate a report but there is nothing which provides a report > based > >>>> on the violations ( and hence being forced to open each project under > >>>> examples and comparing it with the licenses list from the allowed > licenses > >>>> link that you provided in the mailing list a few days back). Is there > a > >>>> more optimal way to see the current list of violations in a concise > way ? > >>>> > >>>> Regards, > >>>> Ananth > >>>> > >>>> On 27 Oct 2017, at 5:53 am, Tushar Gosavi <tus...@datatorrent.com> > wrote: > >>>>> Hi Vlad, > >>>>> > >>>>> As far as I remember, I had access to staging maven area while doing > >>>>> previous apex release. You will need to update .m2/settings.xml with > >>>>> apache > >>>>> credential to access the maven repository. > >>>>> > >>>>> Regards, > >>>>> -Tushar. > >>>>> > >>>>> > >>>>> On Thu, Oct 26, 2017 at 11:02 PM, Vlad Rozov <vro...@apache.org> > wrote: > >>>>> > >>>>> Please send your PGP public key to one of PMC members to be added to > >>>>>> KEYS. > >>>>>> I don't remember if only PMC have access to staging Apache maven, it > >>>>>> may be > >>>>>> the case. Tushar, did you have write access to the staging Apache > maven > >>>>>> when you did the release? > >>>>>> > >>>>>> What do we do with https://issues.apache.org/jira > >>>>>> /browse/APEXMALHAR-2461? > >>>>>> > >>>>>> Thank you, > >>>>>> > >>>>>> Vlad > >>>>>> > >>>>>> > >>>>>> On 10/25/17 15:28, Ananth G wrote: > >>>>>> > >>>>>> I would like to volunteer to be the release manager for this. Given > I > >>>>>>> have not done this before I might have a few questions along the > way > >>>>>>> in the > >>>>>>> mailing list. > >>>>>>> > >>>>>>> A couple of questions regarding the release process: > >>>>>>> > >>>>>>> - In the link https://apex.apache.org/release.html , in the > section > >>>>>>> titled “Build and deploy release candidate” there is a mention of > >>>>>>> adding > >>>>>>> GPG keys. > >>>>>>> - Is it mandatory for the release manager gpg public key > to be > >>>>>>> present in the list > >>>>>>> - If it is how do I get my key added to that list > >>>>>>> - In the same section of the above link there is a mention of > >>>>>>> configuring > >>>>>>> the server apache.staging.https in the maven settings file. > >>>>>>> - I am not able to reach this server ? Is this expected? > >>>>>>> - The userid and password to be configured are our > committer > >>>>>>> ids > >>>>>>> ? > >>>>>>> > >>>>>>> Regards > >>>>>>> Ananth > >>>>>>> > >>>>>>> On 26 Oct 2017, at 4:04 am, Ananth G <ananthg.a...@gmail.com> > wrote: > >>>>>>> > >>>>>>>> +1 for malhar release. > >>>>>>>> > >>>>>>>> > >>>>>>>> Regards, > >>>>>>>> Ananth > >>>>>>>> > >>>>>>>> On 26 Oct 2017, at 3:20 am, Bhupesh Chawda < > bhup...@datatorrent.com> > >>>>>>>> > >>>>>>>>> wrote: > >>>>>>>>> > >>>>>>>>> +1 for malhar release > >>>>>>>>> > >>>>>>>>> ~ Bhupesh > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> _______________________________________________________ > >>>>>>>>> > >>>>>>>>> Bhupesh Chawda > >>>>>>>>> > >>>>>>>>> E: bhup...@datatorrent.com | Twitter: @bhupeshsc > >>>>>>>>> > >>>>>>>>> www.datatorrent.com | apex.apache.org > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> On Wed, Oct 25, 2017 at 9:37 PM, Chinmay Kolhatkar < > >>>>>>>>> chin...@datatorrent.com> > >>>>>>>>> wrote: > >>>>>>>>> > >>>>>>>>> +1. > >>>>>>>>> > >>>>>>>>>> - Chinmay. > >>>>>>>>>> > >>>>>>>>>> On 25 Oct 2017 9:20 pm, "Chaitanya Chebolu" < > >>>>>>>>>> chaita...@datatorrent.com > >>>>>>>>>> wrote: > >>>>>>>>>> > >>>>>>>>>> +1 on new release. > >>>>>>>>>> > >>>>>>>>>>> Thanks, > >>>>>>>>>>> > >>>>>>>>>>> On Wed, Oct 25, 2017 at 9:09 PM, Vlad Rozov <vro...@apache.org > > > >>>>>>>>>>> > >>>>>>>>>>>> wrote: > >>>>>>>>>>>> > >>>>>>>>>>>> +1. > >>>>>>>>>>>> > >>>>>>>>>>>> Thank you, > >>>>>>>>>>>> > >>>>>>>>>>>> Vlad > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> On 10/25/17 08:21, Amol Kekre wrote: > >>>>>>>>>>>> > >>>>>>>>>>>>> +1 on a new malhar release. > >>>>>>>>>>>>> > >>>>>>>>>>>>> Thks, > >>>>>>>>>>>>> Amol > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> E:a...@datatorrent.com | M: 510-449-2606 | Twitter: > >>>>>>>>>>>>> @*amolhkekre* > >>>>>>>>>>>>> > >>>>>>>>>>>>> www.datatorrent.com > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> On Tue, Oct 24, 2017 at 9:12 PM, Tushar Gosavi < > >>>>>>>>>>>>> > >>>>>>>>>>>>> tus...@datatorrent.com> > >>>>>>>>>>> wrote: > >>>>>>>>>>> > >>>>>>>>>>>> +1 on creating a new malhar release. > >>>>>>>>>>>>> - Tushar. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> On Wed, Oct 25, 2017 at 4:39 AM, Pramod Immaneni < > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> pra...@datatorrent.com > >>>>>>>>>>>> wrote: > >>>>>>>>>>>> > >>>>>>>>>>>>> +1 on creating a new release. I, unfortunately, do not have > the > >>>>>>>>>>>>>> time > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> currently to participate in the release activities. > >>>>>>>>>>>>>>> On Mon, Oct 23, 2017 at 7:15 PM, Thomas Weise < > t...@apache.org> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> wrote: > >>>>>>>>>>>>> The last release was back in March, there are quite a few > JIRAs > >>>>>>>>>>> that > >>>>>>>>>>> > >>>>>>>>>>>> have > >>>>>>>>>>>>>>> been completed since and should be released. > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> https://issues.apache.org/jira/issues/?jql=fixVersion% > >>>>>>>>>>>>>>>> 20%3D%203.8.0%20AND%20project%20%3D%20APEXMALHAR%20ORDER% > >>>>>>>>>>>>>>>> 20BY%20status%20ASC > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> From looking at the list there is nothing that should > stand > >>>>>>>>>>>>>>>> in > >>>>>>>>>>>>>>>> the > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> way > >>>>>>>>>>>>>> of a > >>>>>>>>>>>>> release? > >>>>>>>>>>>>>>>> Also, once the release is out it would be a good > opportunity > >>>>>>>>>>>>>>>> to > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> effect > >>>>>>>>>>>>>> the > >>>>>>>>>>>>> major version change. > >>>>>>>>>>>>>>>> Anyone interested to be the release manager? > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Thanks, > >>>>>>>>>>>>>>>> Thomas > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> -- > >>>>>>>>>>> *Chaitanya* > >>>>>>>>>>> > >>>>>>>>>>> Software Engineer > >>>>>>>>>>> > >>>>>>>>>>> E: chaita...@datatorrent.com | Twitter: @chaithu1403 > >>>>>>>>>>> > >>>>>>>>>>> www.datatorrent.com | apex.apache.org > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > > > >
