Chip, David thanks for the detailed explanation, is one of you taking care of fixing this issue or we need to find other volunteers
Thanks Animesh > -----Original Message----- > From: Chip Childers [mailto:chipchild...@apache.org] > Sent: Thursday, February 20, 2014 10:13 AM > To: dev@cloudstack.apache.org > Subject: Re: [DISCUSS] Policy blocker? > > On Thu, Feb 20, 2014 at 11:32 AM, Chip Childers <chipchild...@apache.org> > wrote: > > On Thu, Feb 20, 2014 at 08:37:46AM -0500, David Nalley wrote: > >> Hi folks, > >> > >> I cringe to raise this issue. After 6 RCs I am sure we are all > >> feeling a little bit of release vote fatigue. Especially Animesh. I > >> apologize in advance; in all other respects I am ready to give a +1 to RC6. > >> > >> I've been playing with 4.3.0-rc6 for a couple of days now. I > >> attempted to build some RPMs and had problems with dependency > >> resolution in maven. This led me to looking at a number of different > >> poms, and I noticed mysql-connector-java is listed as a runtime > >> dependency. For our end users, this really isn't necessary - the debs > >> and rpms specify a requirement (effectively a system requirement in > >> the terms of > >> policy) for mysql-connector-java. We don't need it to build the > >> software (at least not in any location I've seen) - just when running. > >> (And thus its a system dependency, much like MySQL is.) > >> > >> mysql-connector-java is GPLv2; which is Cat X. By including it as a > >> dependency in the pom it automatically gets downloaded. The 3rd Party > >> software policy has this line in it: > >> > >> "YOU MUST NOT distribute build scripts or documentation within an > >> Apache product with the purpose of causing the default/standard build > >> of an Apache product to include any part of aprohibited work." > >> > >> We've released software with this dependency previously. Is this a > >> blocker for 4.3 or do we fix going forward? (If we hadn't already > >> shipped releases with this problem I'd lean a bit more towards it > >> being a blocker - but its more murky now.) > >> > >> Thoughts, comments, flames? > >> > >> --David > >> > >> [1] https://www.apache.org/legal/3party.html > > > > During incubation, this dependency was raised as an issue. Generally, > > there are 2 ways to deal with Category X dependencies within an ASF > > project: > > > > 1) Make it an optional part of the software. This is what we do with > > the nonoss build target, but won't work for the mysql-connector. > > > > 2) Make it a "system dependency" that is expected to be installed on > > the system prior to our software. > > > > mysql-connector-java (and the python equiv) were supposed to be > > handled using option 2 (system dependency). > > > > Currently, our RPM packaging depends on the relevant RPM to pull this > > in as a system dependency. I can't tell with the DEBs, but that would > > need to be reviewed. > > > > The problem is that our maven poms pull down the jar automatically > > right now. This is the blocker for us. I'm certainly not a lawyer, > > but my understanding of ASF policy is that we need to make some > > changes before making another release. > > > > So, there appear to be three things that have to happen: > > > > 1) Confirm that the mysql-connector-java is a system dependency in the > > DEB packaging. > > > > 2) Ensure that a "normal build" of the project using mvn does not > > automatically download the mysql-connector-java jar files. > > > > 3) Retest the project to ensure that the above changes work. > > > > Then we can re-spin an RC. > > > > -chip > > For those following along at home, here are some relevant links: > > http://www.apache.org/legal/resolved.html > > http://www.apache.org/dev/licensing-howto.html
