I've filed 5 JIRAs - https://issues.apache.org/jira/browse/HAWQ-960 (NOT a release blocker - but nice to have) - https://issues.apache.org/jira/browse/HAWQ-959 (clean up binary files) - https://issues.apache.org/jira/browse/HAWQ-958 (huge list for license missing, we need help to review these files one by one - anyone can volunteer themselves?) - https://issues.apache.org/jira/browse/HAWQ-957 (Notice file clean up) - https://issues.apache.org/jira/browse/HAWQ-952 (COPYRIGHT file clean up) For 952, 957 , I got some contradictory feedback from general@incubator mailing list - Can some of our mentors help to guide what's the right way to put COPYRIGHT content into NOTICE file?
On Wed, Jul 27, 2016 at 10:13 AM Goden Yao <[email protected]> wrote: > In case you're not in general incubator mailing list. > this is by far the most detailed, thorough analysis I got from IPMC. > As a community, we need to go through these items one by one and make sure > we resolve them for the next release candidate. > > I'll start some preliminary work by filing JIRAs for items I think making > sense. > For arguable items, we should seek for mentor's guidance or suggestions. > > Thanks all. > -Goden > > ---------- Forwarded message --------- > From: Justin Mclean <[email protected]> > Date: Tue, Jul 26, 2016 at 8:03 PM > Subject: Re: [VOTE] Apache HAWQ (incubating) 2.0.0.0-incubating Release > To: <[email protected]> > > > Hi, > > -1 (binding) binary in source release, LICENSE and NOTICE issues, ASF > header added to files not under Apache 2.0 license, possible inclusion of > GPL licensed software and possible Category X software included in release > (BSD with ad clause). > > This is not a simple release to check and I may of missed a few things due > to the large amount of noise. > > I checked: > - release contains incubating > - signatures and hashes good > - I’m not sure what the intent of COPYRIGHT is. I also don't think as it > has been suggested that this should be merged with NOTICE, NOTICE doesn’t > not list all copyrights just those that have be relocated from source > files. [1] > - NOTICE incorrecly contains a long list of copyright statements. I would > expect to see one or perhaps two here i.e. the original authors who donated > the software and who copyright statements were removed from the original > files. > - LICENSE is missing a large number of things (see below) > - Please use the short form of the license linking to a license files in > LICENSE > - Looks like there is an unexpected binary in the release [2] May be > others given rat reports 770+ binary files > - Impossible to say if files have correct ASF headers or not, given the > large number of files with ASF headers (5000 odd files) > - Failed to compile form source but likely my setup > > License is missing (in some cases note the different copyright owners) > - BSD licensed code [3] > - BSD license code [7] > - license for this file [9] > - license for this file [10] Are we OK this was taken form GNU C? > - MIT license PSI [11] > - BSD licensed code [12] > - BSD licensed code [13] Is this regard as cryptography code? [14] > - BSD licensed code [15][16] > - license for this file [17] > - license of these files [18][19] > - license of this file [20] > - regex license [21] > - How are these files licensed? [22] + others copyright AEG Automation GmbH > - How is this file licensed? [23] > - BSD licensed libpq [24]. Is this consider crypto code and may need an > export license? > - pgdump [25] > - license for this file [26] > - license for this file [27] Look like an ASF header may of been > incorrectly added to this. > - This BSD licensed file [36] > - license for these files [37][38] and others in [39] > - This BSD licensed file [40] > - This BSD licensed file [41] > - BSD licensed pychecker [42] > - licenses for all of these files [43] > - BSD license pg800 [44] > - how is this file licensed? [45] > - license for this file [47] > - Python license for this file [48]. Is this an Apache comparable license? > - How are these files licensed? [49] Note multiple copyright owners and > missing headers. > - BSD licensed fig leaf. [50] Note that files incorrectly has had ASF > headers applied. > - This BSD licensed file [51] > - This public domain style sheet [52] > - This file [53] > - License for unit test2 [54] > - MIT licensed lock file [55] > - JSON code here [56] > - License for this file [57] > > And I may of missed some, as I wasn't doing a full review - that would > likely take many many hours. > > Looks like GPL/LPGL licensed code may be included [4][5][6] in the release. > > This file [8] and others(?) may incorrectly have an ASF headers on it. > Also why does this file have an ASF header with copyright line? [46] > > Code includes code licensed under the 4 clause BSD license which is not > compatible with the Apache 2.0 license. [28][29][30][31][32][33] It may be > that this clause has been rescinded [35] and it OK to include but that > needs to be checked. > > I’d suggest that build instructions are included in the release rather > than a link to them. If the instructions at the URL change in the future > how do I know how to build this release? > > Also some one owes me a beer! > > Thanks, > Justin > > 1. http://www.apache.org/legal/src-headers.html#headers > 2. depends/thirdparty/thrift/lib/erl/rebar > 3. ./tools/bin/pythonSrc/unittest2-0.5.1/setup.py > 4. ./depends/thirdparty/thrift/debian/copyright (end of file) > 5. ./depends/thirdparty/thrift/doc/licenses/lgpl-2.1.txt > 6. ./tools/bin/gppylib/operations/test/test_package.py > 7. ./depends/thirdparty/thrift/compiler/cpp/src/md5.? > 8. ./tools/sbin/hawqstandbywatch.py > 9. ./src/backend/port/dynloader/ultrix4.h > 10. ./src/port/inet_aton.c > 11. ./tools/bin/pythonSrc/PSI-0.3b2_gp/ > 12. ./src/port/snprintf.c > 13 ./src/port/crypt.c > 14. http://www.apache.org/dev/crypto.html > 15. ./src/port/memcmp.c > 16. ./src/backend/utils/mb/wstrcmp.c > 17. ./src/port/rand.c > 18. ./src/backend/utils/adt/inet_net_ntop.c > 19. ./src/backend/utils/adt/inet_net_pton.c > 20 ./src/port/strlcpy.c > 21. ./src/backend/regex/COPYRIGHT > 22. ./src/backend/port/qnx4/shm.c > 23. ./src/backend/port/beos/shm.c > 24. ./src/backend/libpq/sha2.? > 25. ./src/bin/pg_dump/ > 26. ./src/port/gettimeofday.c > 27. ./depends/thirdparty/thrift/lib/cpp/src/thrift/windows/SocketPair.cpp > 28. ./src/backend/port/dynloader/freebsd.c > 29. ./src/backend/port/dynloader/netbsd.c > 30. ./src/backend/port/dynloader/openbsd.c > 31. ./src/bin/gpfdist/src/gpfdist/glob.c > 32. ./src/bin/gpfdist/src/gpfdist/include/glob.h > 33. ./src/include/port/win32_msvc/glob.h > 34. ./src/port/glob.c > 35. ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change > 36. ./src/bin/pg_controldata/pg_controldata.c > 37. ./depends/thirdparty/thrift/aclocal/ax_cxx_compile_stdcxx_11.m4 > 38. ./depends/thirdparty/thrift/aclocal/ax_boost_base.m4 > 39. ./depends/thirdparty/thrift/aclocal > 40. ./depends/thirdparty/thrift/build/cmake/FindGLIB.cmake > 41. ./tools/bin/pythonSrc/unittest2-0.5.1/setup.py > 42. ./tools/bin/pythonSrc/pychecker-0.8.18/ > 43. ./src/interfaces/libpq/po/*.po > 44. ./tools/bin/ext/pg8000/* > 45. ./src/backend/utils/mb/Unicode/UCS_to_GB18030.pl > 46. > ./contrib/hawq-hadoop/hawq-mapreduce-tool/src/test/resources/log4j.properties > 47 ./tools/bin/pythonSrc/lockfile-0.9.1/lockfile/pidlockfile.py > 48 ./tools/bin/pythonSrc/pychecker-0.8.18/pychecker2/symbols.py > 49. ./src/backend/utils/mb/Unicode/* > 50. ./tools/bin/ext/figleaf/* > 51. ./depends/thirdparty/thrift/lib/py/compat/win32/stdint.h > 52. ./tools/bin/pythonSrc/PyGreSQL-4.0/docs/default.css > 53. ./src/test/locale/test-ctype.c > 54 ./tools/bin/pythonSrc/unittest2-0.5.1/unittest2/ > 55. ./tools/bin/pythonSrc/lockfile-0.9.1/LICENSE > 56. ./src/include/catalog/JSON > 57. ./src/pl/plperl/ppport.h > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
