Thanks Boyuan for the prompt resolution! : D -P/ On Thu, May 24, 2018 at 4:33 PM Boyuan Zhang <boyu...@google.com> wrote:
> Hey all, > > Release blocker https://issues.apache.org/jira/browse/BEAM-4393 marked as > Resolved. > > > Boyuan > > On Wed, May 23, 2018 at 1:52 PM Scott Wegner <sweg...@google.com> wrote: > >> FYI, I've opened https://issues.apache.org/jira/browse/BEAM-4393 to >> track this work and marked it as a 2.5.0 release blocker. >> >> On Wed, May 23, 2018 at 9:15 AM Andrew Pilloud <apill...@google.com> >> wrote: >> >>> I generated the list of jars to check using the following search: >>> >>> grep 'include(dependency(' $(find . -name 'build.gradle') >>> >>> >>> Andrew >>> >>> On Tue, May 22, 2018 at 7:33 PM Kenneth Knowles <k...@google.com> wrote: >>> >>>> Did you look through all our jars or is that just a sample? >>>> >>>> Kenn >>>> >>>> On Tue, May 22, 2018 at 7:22 PM Davor Bonaci <da...@apache.org> wrote: >>>> >>>>> This analysis looks correct. Great find! >>>>> >>>>> The recommended fix would be different. I'd suggest appending this >>>>> sentence to the end of the LICENSE file: "A part of several convenience >>>>> binary distributions of this software is licensed as follows", followed by >>>>> the full license text (including its copyright, clauses and disclaimer) -- >>>>> for each such case separately. Don't edit the NOTICE file. >>>>> >>>>> I'd suggest keeping things simple: no per-artifact license/notice, >>>>> etc. Just two project-wide files, but I'd suggest including it/attaching >>>>> it >>>>> "everywhere". Opinions on this part may vary, but, for me, "everywhere" >>>>> includes every jar file. >>>>> >>>>> Standard disclaimers apply. >>>>> >>>>> Any volunteers? Thanks so much! >>>>> >>>>> On Tue, May 22, 2018 at 4:02 PM, Andrew Pilloud <apill...@google.com> >>>>> wrote: >>>>> >>>>>> Here is what I think might be missing: >>>>>> >>>>>> (1) what artifacts are impacted and where are they distributed >>>>>> >>>>>> >>>>>> http://central.maven.org/maven2/org/apache/beam/beam-sdks-java-core/2.4.0/beam-sdks-java-core-2.4.0.jar >>>>>> >>>>>> http://central.maven.org/maven2/org/apache/beam/beam-runners-direct-java/2.4.0/beam-runners-direct-java-2.4.0.jar >>>>>> >>>>>> http://central.maven.org/maven2/org/apache/beam/beam-sdks-java-harness/2.4.0/beam-sdks-java-harness-2.4.0.jar >>>>>> >>>>>> http://central.maven.org/maven2/org/apache/beam/beam-sdks-java-extensions-sql/2.4.0/beam-sdks-java-extensions-sql-2.4.0.jar >>>>>> >>>>>> (2) the external dependency being distributed >>>>>> >>>>>> beam-sdks-java-core: protobuf >>>>>> beam-runners-direct-java: protobuf >>>>>> beam-runners-direct-java: jsr-305 >>>>>> beam-sdks-java-extensions-sql: janino-compiler >>>>>> >>>>>> (3) license and/or term not adhered to >>>>>> >>>>>> BSD 3 Clause: Redistributions in binary form must reproduce the >>>>>> above copyright notice, this list of conditions and the following >>>>>> disclaimer in the documentation and/or other materials provided with the >>>>>> distribution. >>>>>> >>>>>> (4) any proposed fix >>>>>> >>>>>> NOTICE file in the jar. >>>>>> >>>>>> I am not a lawyer, this is not legal advice. >>>>>> >>>>>> On Tue, May 22, 2018 at 2:55 PM Davor Bonaci <da...@apache.org> >>>>>> wrote: >>>>>> >>>>>>> Thanks for the report! >>>>>>> >>>>>>> Could you please comment more as to: (1) what artifacts are impacted >>>>>>> and where are they distributed, (2) the external dependency being >>>>>>> distributed, (3) license and/or term not adhered to, and (4) any >>>>>>> proposed >>>>>>> fix? >>>>>>> >>>>>>> Any such information would be helpful in triaging the problem -- >>>>>>> thanks so much! >>>>>>> >>>>>>> (If confirmed, this would be release blocking.) >>>>>>> >>>>>>> On Tue, May 22, 2018 at 2:37 PM, Lukasz Cwik <lc...@google.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Does it have to be part of the jar or is it good enough to be part >>>>>>>> of the sources jar (as 2.4.0 had it part of the >>>>>>>> beam-parent-2.4.0-source.zip >>>>>>>> <http://central.maven.org/maven2/org/apache/beam/beam-parent/2.4.0/beam-parent-2.4.0-source.zip> >>>>>>>> )? >>>>>>>> >>>>>>>> On Tue, May 22, 2018 at 11:16 AM Andrew Pilloud < >>>>>>>> apill...@google.com> wrote: >>>>>>>> >>>>>>>>> I was digging around in the SQL jar trying to debug some packaging >>>>>>>>> issues and noticed that we aren't including the copyright notices >>>>>>>>> from the >>>>>>>>> packages we are shading. I also looked at our previously released >>>>>>>>> jars and >>>>>>>>> they are the same (so this isn't a regression). Should we be >>>>>>>>> including the >>>>>>>>> copyright notice from packages we are redistributing? >>>>>>>>> >>>>>>>>> Andrew >>>>>>>>> >>>>>>>> >>>>>>> >>>>> -- Got feedback? go/pabloem-feedback
