Here is what I think might be missing:

(1) what artifacts are impacted and where are they distributed

http://central.maven.org/maven2/org/apache/beam/beam-sdks-java-core/2.4.0/beam-sdks-java-core-2.4.0.jar
http://central.maven.org/maven2/org/apache/beam/beam-runners-direct-java/2.4.0/beam-runners-direct-java-2.4.0.jar
http://central.maven.org/maven2/org/apache/beam/beam-sdks-java-harness/2.4.0/beam-sdks-java-harness-2.4.0.jar
http://central.maven.org/maven2/org/apache/beam/beam-sdks-java-extensions-sql/2.4.0/beam-sdks-java-extensions-sql-2.4.0.jar

(2) the external dependency being distributed

beam-sdks-java-core: protobuf
beam-runners-direct-java: protobuf
beam-runners-direct-java: jsr-305
beam-sdks-java-extensions-sql: janino-compiler

(3) license and/or term not adhered to

BSD 3 Clause: Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the distribution.

(4) any proposed fix

NOTICE file in the jar.

I am not a lawyer; this is not legal advice.

On Tue, May 22, 2018 at 2:55 PM Davor Bonaci <da...@apache.org> wrote:

> Thanks for the report!
>
> Could you please comment more as to: (1) what artifacts are impacted and
> where are they distributed, (2) the external dependency being distributed,
> (3) license and/or term not adhered to, and (4) any proposed fix?
>
> Any such information would be helpful in triaging the problem -- thanks so
> much!
>
> (If confirmed, this would be release blocking.)
>
> On Tue, May 22, 2018 at 2:37 PM, Lukasz Cwik <lc...@google.com> wrote:
>
>> Does it have to be part of the jar or is it good enough to be part of the
>> sources jar (as 2.4.0 had it part of the beam-parent-2.4.0-source.zip
>> <http://central.maven.org/maven2/org/apache/beam/beam-parent/2.4.0/beam-parent-2.4.0-source.zip>
>> )?
>>
>> On Tue, May 22, 2018 at 11:16 AM Andrew Pilloud <apill...@google.com>
>> wrote:
>>
>>> I was digging around in the SQL jar trying to debug some packaging
>>> issues and noticed that we aren't including the copyright notices from the
>>> packages we are shading. I also looked at our previously released jars and
>>> they are the same (so this isn't a regression). Should we be including the
>>> copyright notice from packages we are redistributing?
>>>
>>> Andrew
>>>
>>
>
