This is a bit frustrating. I have called this vote multiple times now and
each call finds something new.  This dep is used by the bit that reads the
startup settings from a file. I will have to ticket this because it is more
than cosmetic.

On Tue, Jan 3, 2017 at 1:07 PM, Josh Elser <els...@apache.org> wrote:

>
>
> Edward Capriolo wrote:
>
>> On Tue, Jan 3, 2017 at 11:45 AM, Josh Elser<els...@apache.org>  wrote:
>>
>>> -1 due to a dependency on a project with a category-X license [1].
>>>
>>> Gossip is transitively depending on org.json:json via
>>> jackson-datatype-json-org.
>>>
>>> ```
>>> [INFO] org.apache.gossip:gossip:jar:0.1.1-incubating
>>> [INFO] +- com.fasterxml.jackson:jackson-datatype-json-org:jar:1.8.0:compile
>>> [INFO] |  +- org.codehaus.jackson:jackson-mapper-asl:jar:1.8.6:compile
>>> [INFO] |  |  \- org.codehaus.jackson:jackson-core-asl:jar:1.8.6:compile
>>> [INFO] |  \- org.json:json:jar:20090211:compile
>>> ```
>>>
>>> org.json:json is licensed with the JSON license which the ASF has
>>> recently
>>> moved to category-X [2]. Debian has a list of some alternatives[3] which
>>> can be used instead. This would need to be resolved before your release.
>>>
>>> I know in Calcite we use jackson-databind for JSON serialization of POJOs
>>> and that doesn't have the dependency on org.json:json. Perhaps this can
>>> be
>>> easily resolved switching the jackson dependencies and maybe some API
>>> calls.
>>>
>>> Good:
>>>
>>> * xsums/sigs match (for source-release.zip)
>>> * KEYS looks good
>>> * Can build from source
>>> * DISCLAIMER is present
>>>
>>> I see that the rc1 tag was pushed, and will assume that the next VOTE
>>> message will get that right too. Re-stating this one as I can't verify
>>> that
>>> presently.
>>>
>>> Nit:
>>>
>>> * Wrong header in the src/**/log4j.properties files. Update it to match
>>> the header in the rest of the java files. Fix for next release.
>>> * Year in NOTICE is now out of date. Fix for next release.
>>> * Use "Apache Gossip" for the first mention of "Gossip" in the README.md.
>>> Fix for next release.
>>> * Add the license text to the README and eclipse template as it's trivial
>>> to do so for both (xml and md both support "comments"). Fix for next
>>> release.
>>> * Tests failed for me (on a `mvn package`). Not a release issue, just a
>>> quality issue. I would expect that all of the tests would pass, and just
>>> wanted to mention it.
>>>
>>> ```
>>> Failed tests:
>>>    ShutdownDeadtimeTest.DeadNodesDoNotComeAliveAgain:103 ComparisonFailure expected:<[16]>  but was:<[8]>
>>>    StartupSettingsTest.testUsingSettingsFile:69 » Runtime java.net.BindException:...
>>>    TenNodeThreeSeedTest.test:44->abc:78 » Runtime java.net.BindException: Address...
>>>    TenNodeThreeSeedTest.testAgain:49->abc:78 » Runtime java.net.BindException: Ad...
>>> ```
>>>
>>> - Josh
>>>
>>> [1] https://www.apache.org/legal/resolved#category-x
>>> [2] https://www.apache.org/legal/resolved#json
>>> [3] https://wiki.debian.org/qa.debian.org/jsonevil
>>>
>>> Edward Capriolo wrote:
>>>
>>> I am pleased to be calling this vote for the source release of Apache
>>>> Gossip
>>>>
>>>> Ancillary artifacts such as poms, jars, wars, etc. can be found here:
>>>> https://repository.apache.org/content/repositories/orgapachegossip-1001
>>>>
>>>> The Git commit ID is:
>>>> https://github.com/edwardcapriolo/incubator-gossip/commit/74133870410fec45bd6cac39351fcbbe0950de18
>>>>
>>>> Which will be tagged as gossip-0.1.1-incubating
>>>>
>>>> https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;a=commit;h=66d8b7f060bddeeb7c50cb0918f98ce3b265c564
>>>>
>>>>
>>>> Checksums of
>>>> https://repository.apache.org/content/repositories/orgapachegossip-1001/org/apache/gossip/gossip/0.1.1-incubating/gossip-0.1.1-incubating-source-release.zip.asc:
>>>> SHA1: 53ca6498d0f704fe7931ec23ca81a638a1fd666c
>>>> MD5: c27067c47bdeb6133660beda908f679c
>>>>
>>>> Release artifacts are signed with the following key:
>>>> http://people.apache.org/~ecapriolo/
>>>> http://people.apache.org/~ecapriolo/ecapriolo_asf.asc
>>>>
>>>> KEYS file available here:
>>>> https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
>>>>
>>>> The vote will be open for 72 hours. Please download the release
>>>> candidate
>>>> and evaluate the necessary items including checking hashes, signatures,
>>>> build from source, and test.
>>>>
>>>>
>>>> Release this package?
>>>> [ ] +1 yes
>>>> [ ] +0 no opinion
>>>> [ ] -1 Do not release this package because...
>>>>
>>>>
>> I have changed the dependency to this:
>> https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-json-org/2.8.5
>>
>> <!--
>> https://mvnrepository.com/artifact/com.fasterxml.jackson.datatype/jackson-datatype-json-org
>> -->
>> <dependency>
>>      <groupId>com.fasterxml.jackson.datatype</groupId>
>>      <artifactId>jackson-datatype-json-org</artifactId>
>>      <version>2.8.5</version>
>> </dependency>
>>
>> Which produces this:
>>
>> mvn dependency:tree
>> [INFO] --- maven-dependency-plugin:2.10:tree (default-cli) @ gossip ---
>> [INFO] org.apache.gossip:gossip:jar:0.1.2-incubating-SNAPSHOT
>> [INFO] +- com.fasterxml.jackson.datatype:jackson-datatype-json-org:jar:2.8.5:compile
>> [INFO] |  +- com.fasterxml.jackson.core:jackson-core:jar:2.8.5:compile
>> [INFO] |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.8.5:compile
>> [INFO] |  |  \- com.fasterxml.jackson.core:jackson-annotations:jar:2.8.0:compile
>> [INFO] |  \- org.apache.geronimo.bundles:json:jar:20090211_1:compile
>> [INFO] +- org.junit.jupiter:junit-jupiter-api:jar:5.0.0-M2:test
>> [INFO] |  +- org.opentest4j:opentest4j:jar:1.0.0-M1:test
>> [INFO] |  \- org.junit.platform:junit-platform-commons:jar:1.0.0-M2:test
>> [INFO] +- org.junit.jupiter:junit-jupiter-engine:jar:5.0.0-M2:test
>> [INFO] |  \- org.junit.platform:junit-platform-engine:jar:1.0.0-M2:test
>> [INFO] +- org.junit.vintage:junit-vintage-engine:jar:4.12.0-M2:test
>> [INFO] |  \- junit:junit:jar:4.12:test
>> [INFO] |     \- org.hamcrest:hamcrest-core:jar:1.3:test
>> [INFO] +- org.junit.platform:junit-platform-runner:jar:1.0.0-M2:test
>> [INFO] |  \- org.junit.platform:junit-platform-launcher:jar:1.0.0-M2:test
>> [INFO] +- io.teknek:tunit:jar:0.0.0:test
>> [INFO] \- log4j:log4j:jar:1.2.17:compile
>> [INFO]
>> ------------------------------------------------------------------------
>>
>> Is this acceptable?
>>
>>
> No.
>
> http://search.maven.org/#artifactdetails%7Corg.apache.geronimo.bundles%7Cjson%7C20090211_1%7Cbundle
>
> Take a look at the pom. It's just a wrapper around the same category-X
> licensed dependency.
>

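An added example, not part of the original thread or of the Gossip code base: a small checker that reads `mvn dependency:tree` output and reports each banned coordinate together with the path that pulls it in, so a repackaged copy such as the Geronimo bundle is caught as well as org.json:json itself. The `BANNED` table and the function name are assumptions made for this example; the two trees are the ones quoted in the thread, with mail line-wraps rejoined.

```python
import re

# Coordinates this example treats as category-X. org.json:json is the artifact
# flagged in the thread; the Geronimo bundle is the wrapper the thread rejects.
BANNED = {
    "org.json:json": "JSON license",
    "org.apache.geronimo.bundles:json": "repackaged org.json:json",
}

# "[INFO] " + optional tree prefix ("|  " columns, then "+- " or "\- ") + coordinate
NODE = re.compile(r"^\[INFO\] ((?:[| ]  )*[+\\]- )?([\w.\-]+(?::[\w.\-]+){3,5})\s*$")

def find_banned(tree_output, banned=BANNED):
    """Return (coordinate, reason, path-from-root) for every banned node."""
    stack, hits = [], []
    for line in tree_output.splitlines():
        m = NODE.match(line)
        if not m:
            continue                          # plugin banner, separators, blanks
        depth = len(m.group(1) or "") // 3    # each tree column is 3 characters
        del stack[depth:]                     # drop siblings and deeper nodes
        stack.append(m.group(2))
        key = ":".join(m.group(2).split(":")[:2])   # groupId:artifactId
        if key in banned:
            hits.append((key, banned[key], list(stack)))
    return hits

# Trees from the thread, line-wraps rejoined; the second one is trimmed.
RC1_TREE = r"""
[INFO] org.apache.gossip:gossip:jar:0.1.1-incubating
[INFO] +- com.fasterxml.jackson:jackson-datatype-json-org:jar:1.8.0:compile
[INFO] |  +- org.codehaus.jackson:jackson-mapper-asl:jar:1.8.6:compile
[INFO] |  |  \- org.codehaus.jackson:jackson-core-asl:jar:1.8.6:compile
[INFO] |  \- org.json:json:jar:20090211:compile
"""
PROPOSED_TREE = r"""
[INFO] --- maven-dependency-plugin:2.10:tree (default-cli) @ gossip ---
[INFO] org.apache.gossip:gossip:jar:0.1.2-incubating-SNAPSHOT
[INFO] +- com.fasterxml.jackson.datatype:jackson-datatype-json-org:jar:2.8.5:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-core:jar:2.8.5:compile
[INFO] |  \- org.apache.geronimo.bundles:json:jar:20090211_1:compile
[INFO] \- log4j:log4j:jar:1.2.17:compile
"""

if __name__ == "__main__":
    for name, tree in (("rc1", RC1_TREE), ("proposed", PROPOSED_TREE)):
        for key, reason, path in find_banned(tree):
            print(f"{name}: {key} ({reason}) via " + " -> ".join(path))
```

Matching on groupId:artifactId only catches wrappers that are already listed; a repackaged copy under an unlisted coordinate still needs the pom inspection described in the thread.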