Edward Capriolo wrote:
On Tue, Jan 3, 2017 at 11:45 AM, Josh Elser<els...@apache.org> wrote:
-1 due to a dependency on a project with a category-X license [1].
Gossip is transitively depending on org.json:json via
jackson-datatype-json-org.
```
[INFO] org.apache.gossip:gossip:jar:0.1.1-incubating
[INFO] +- com.fasterxml.jackson:jackson-datatype-json-org:jar:1.8.0:co
mpile
[INFO] | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.8.6:compile
[INFO] | | \- org.codehaus.jackson:jackson-core-asl:jar:1.8.6:compile
[INFO] | \- org.json:json:jar:20090211:compile
```
org.json:json is licensed with the JSON license which the ASF has recently
moved to category-X [2]. Debian has a list of some alternatives[3] which
can be used instead. This would need to be resolved before your release.
I know in Calcite we use jackson-databind for JSON serialization of POJOs
and that doesn't have the dependency on org.json:json. Perhaps this can be
easily resolved switching the jackson dependencies and maybe some API calls.
Good:
* xsums/sigs match (for source-release.zip)
* KEYS looks good
* Can build from source
* DISCLAIMER is present
I see that the rc1 tag was pushed, and will assume that the next VOTE
message will get that right too. Re-stating this one as I can't verify that
presently.
Nit:
* Wrong header in the src/**/log4j.properties files. Update it to match
the header in the rest of the java files. Fix for next release.
* Year in NOTICE is now out of date. Fix for next release.
* Use "Apache Gossip" for the first mention of "Gossip" in the README.md.
Fix for next release.
* Add the license text to the README and eclipse template as it's trivial
to do so for both (xml and md both support "comments"). Fix for next
release.
* Tests failed for me (on a `mvn package`). Not a release issue, just a
quality issue. I would expect that all of the tests would pass, and just
wanted to mention it.
```
Failed tests:
ShutdownDeadtimeTest.DeadNodesDoNotComeAliveAgain:103 ComparisonFailure
expected:<[16]> but was:<[8]>
StartupSettingsTest.testUsingSettingsFile:69 » Runtime
java.net.BindException:...
TenNodeThreeSeedTest.test:44->abc:78 » Runtime java.net.BindException:
Address...
TenNodeThreeSeedTest.testAgain:49->abc:78 » Runtime
java.net.BindException: Ad...
```
- Josh
[1] https://www.apache.org/legal/resolved#category-x
[2] https://www.apache.org/legal/resolved#json
[3] https://wiki.debian.org/qa.debian.org/jsonevil
Edward Capriolo wrote:
I am pleased to be calling this vote for the source release of Apache
Gossip
Ancillary artifacts such as poms, jars, wars, ect. can be found here:
https://repository.apache.org/content/repositories/orgapachegossip-1001
The Git commit ID is:
https://github.com/edwardcapriolo/incubator-gossip/commit/74
133870410fec45bd6cac39351fcbbe0950de18
Which will be tagged as gossip-0.1.1-incubating
https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;
a=commit;h=66d8b7f060bddeeb7c50cb0918f98ce3b265c564
Checksums of
https://repository.apache.org/content/repositories/orgapache
gossip-1001/org/apache/gossip/gossip/0.1.1-incubating/
gossip-0.1.1-incubating-source-release.zip.asc
:
SHA1: 53ca6498d0f704fe7931ec23ca81a638a1fd666c
MD5: c27067c47bdeb6133660beda908f679c
Release artifacts are signed with the following key:
http://people.apache.org/~ecapriolo/
http://people.apache.org/~ecapriolo/ecapriolo_asf.asc
KEYS file available here:
https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
The vote will be open for 72 hours. Please download the release candidate
and evaluate the necessary items including checking hashes, signatures,
build from source, and test.
Release this package?
[ ] +1 yes
[ ] +0 no opinion
[ ] -1 Do not release this package because because...
I have changed the dependency to this:
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-json-org/2.8.5
<!--
https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-json-org
-->
<dependency>
<groupId>com.fasterxml.jackson.datatype</groupId>
<artifactId>jackson-datatype-json-org</artifactId>
<version>2.8.5</version>
</dependency>
Which produces this:
mvn dependency:tree
[INFO] --- maven-dependency-plugin:2.10:tree (default-cli) @ gossip ---
[INFO] org.apache.gossip:gossip:jar:0.1.2-incubating-SNAPSHOT
[INFO] +-
com.fasterxml.jackson.datatype:jackson-datatype-json-org:jar:2.8.5:compile
[INFO] | +- com.fasterxml.jackson.core:jackson-core:jar:2.8.5:compile
[INFO] | +- com.fasterxml.jackson.core:jackson-databind:jar:2.8.5:compile
[INFO] | | \-
com.fasterxml.jackson.core:jackson-annotations:jar:2.8.0:compile
[INFO] | \- org.apache.geronimo.bundles:json:jar:20090211_1:compile
[INFO] +- org.junit.jupiter:junit-jupiter-api:jar:5.0.0-M2:test
[INFO] | +- org.opentest4j:opentest4j:jar:1.0.0-M1:test
[INFO] | \- org.junit.platform:junit-platform-commons:jar:1.0.0-M2:test
[INFO] +- org.junit.jupiter:junit-jupiter-engine:jar:5.0.0-M2:test
[INFO] | \- org.junit.platform:junit-platform-engine:jar:1.0.0-M2:test
[INFO] +- org.junit.vintage:junit-vintage-engine:jar:4.12.0-M2:test
[INFO] | \- junit:junit:jar:4.12:test
[INFO] | \- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] +- org.junit.platform:junit-platform-runner:jar:1.0.0-M2:test
[INFO] | \- org.junit.platform:junit-platform-launcher:jar:1.0.0-M2:test
[INFO] +- io.teknek:tunit:jar:0.0.0:test
[INFO] \- log4j:log4j:jar:1.2.17:compile
[INFO]
------------------------------------------------------------------------
Is this acceptable?
No.
http://search.maven.org/#artifactdetails%7Corg.apache.geronimo.bundles%7Cjson%7C20090211_1%7Cbundle
Take a look at the pom. It's just a wrapper around the same category-X
licensed dependency.
