Hi, Justin, Thank you for pointing out these issues. Where does the code in [4] code form? I’m not 100% it all code under the > Apache license as the headers claim, however the code is minified so it > hard to tell. Where is the original source code? Is it included in the > releases? If it not it needs to be. Just like we don’t include compiled > code, we need to include un-minified code so people can inspect what they > are getting. >
These files are from the compiled dashboard code. I think that APISIX can no longer contain compiled dashboard code, but instead guides the user to compile the dashboard from source, and it will solve the license problem. I notice you include a code of conduct, is this different to the Apache one > and if so why? > That is an old version, I forgot to modify this file, thank you for reminding me. I am going to update to the version of apache. The README needs clear instruction on how to compile the release candidate. > I can see in doc/dev-manual.md the instructions say to clone master. The > instructions need to change to show how to compile the source release not > using git. It probably needs better instruction of installing the > dependancies. > got it, I will add instruction on how to compile from release source code. I notice several 3rd party logos are included in the release, are they > being used correctly and correct attribution been given to them? > Can you give a few examples of these logos? I will confirm for them. Thanks, Ming Wen, Apache APISIX Twitter: _WenMing Justin Mclean <[email protected]> 于2019年11月12日周二 上午3:35写道: > HI, > > -1 (binding) due to missing license information and unable to compile the > source release. This -1 vote may have been avoided if you had used the work > in progress DISCLAIMER. [1] > > When maligning a release anything minded in the release needs to listed in > LICENSE, this is ofter referred to as the guiding principle. [3] > > I checked: > - incubating in name > - signatures and hashes fine > - DISCLAIMER exists > - LICENSE is missing some license information (see below) > - NOTICE is OK but may be missing content > - It seem some files incorrectly have ASF headers on them. > - No unexpected binary files > - Unable to compile so no instructions given as I get the error "Error: > Lua interpreter not found at luajit” lua, luajit and luarocks are installed. > > This file [2] contains several 3rd party licensed items,, it may > incorrectly have an ASF header on it. They are Vue.js v2.6.10, vuex v3.1.1, > vue-class-component v7.1.0, NProgress , some unknown bit of software from > Microsoft, Modernizr, vue-router v3.1.3, screenfull v4.2.1, JavaScript > Cookie v2.2.1, vue-i18n v8.15.0 was Fuse.js v3.4.5. I may of missed > something. All of these need to be added to LICENSE (and in the case of > ALv2 bits of software NOTICE may need to be modified). Under teh terms of > the MIT license you all need to include the full text of each license. > > This file [5] contains MIT licensed code as does this file [6]. > > Where does the code in [4] code form? I’m not 100% it all code under the > Apache license as the headers claim, however the code is minified so it > hard to tell. Where is the original source code? Is it included in the > releases? If it not it needs to be. Just like we don’t include compiled > code, we need to include un-minified code so people can inspect what they > are getting. > > I notice you include a code of conduct, is this different to the Apache > one and if so why? > > The README needs clear instruction on how to compile the release > candidate. I can see in doc/dev-manual.md the instructions say to clone > master. The instructions need to change to show how to compile the source > release not using git. It probably needs better instruction of installing > the dependancies. > > I notice several 3rd party logos are included in the release, are they > being used correctly and correct attribution been given to them? > > Thanks, > Justin > > 1. https://incubator.apache.org/policy/incubation.html#disclaimers > 2. ./dashboard/js/chunk-libs.86f650f2.js > 3. http://www.apache.org/dev/licensing-howto.html#guiding-principle > 4. ./dashboard/js/ > 5. ./dashboard/js/chunk-450dda4e.7ea86d2a.js > 6. ./dashboard/css/chunk-libs.ee57d822.css > >
