Ok. Sounds reasonable. On Wed, Apr 3, 2019 at 3:31 PM Dave Fisher <[email protected]> wrote:
> Hi - > > > On Apr 3, 2019, at 3:20 PM, Ning Wang <[email protected]> wrote: > > > > Got it. Thanks. > > > > My bad. I meant for this version (before the review). > > Look into the License of all the dependent code and packages included in > the built binary. > > There will then need to be procedures to understand when new dependencies > are added so that those can be tested. > > Also, for the source itself, I took a look at the rat-excludes and they > seem to be generous. Let’s review these too. > > > > > One more question, what exactly we need to do to review license? > > Inspect every dependency …. > > > > > On Wed, Apr 3, 2019 at 12:13 PM Dave Fisher <[email protected]> > wrote: > > > >> Hi - > >> > >>> On Apr 3, 2019, at 11:50 AM, Ning Wang <[email protected]> wrote: > >>> > >>> *Inline. > >>> > >>> On Wed, Apr 3, 2019 at 11:36 AM Dave Fisher <[email protected]> > >> wrote: > >>> > >>>> Hi - > >>>> > >>>> See inline: > >>>> > >>>>>>> > >>>>>>> For docker hub image, I published it to > >>>>>>> *https://hub.docker.com/r/apacheheron/heron/tags > >>>>>>> <https://hub.docker.com/r/apacheheron/heron/tags>. It is not the > >> right > >>>>>> one? > >>>>>>> I got an invite after becoming a committer then I thought this is > the > >>>>>>> official one. But maybe it isn't?* > >>>>>> > >>>>>> That one is created and managed by this project, and as such it > >> remains > >>>> an > >>>>>> unofficial location - we’ll need to be careful how it is advertised. > >>>>>> > >>>>>> The official Apache Docker Hub is https://hub.docker.com/u/apache < > >>>>>> https://hub.docker.com/u/apache> > >>>>>> > >>>>>> https://reference.apache.org/pmc/docker < > >>>>>> https://reference.apache.org/pmc/docker> for an example. > >>>>>> > >>>>>> https://issues.apache.org/jira/browse/LEGAL-270 < > >>>>>> https://issues.apache.org/jira/browse/LEGAL-270> for a discussion. > >>>>>> > >>>>>> Let’s discuss via how the apacheheron docker file is produced. > >>>>>> > >>>>>> > >>>>> Ok. Another permission to request. > >>>>> > >>>>> The docker image is built with this jenkins job: > >>>>> > https://builds.apache.org/job/apache-heron-github-docker-image-debian/ > >>>>> > >>>>> I then downloaded it and load/publish. > >>>> > >>>> OK, I see this and I see several build jobs. > >>>> > >>>> And wow - that’s a 1GB archive! > >>>> > >>>> Yeah. It is 1G~ With --squash flag it is smaller (500m to 600m), but > the > >>> flag is not available in Apache Jenkins machines. > >>> > >>> > >>> > >>>> I wonder how much of these Jenkins scripts should be in Jenkins as > >> opposed > >>>> to all in the Git repository and then invoked as 1-3 scripts from > >> Jenkins > >>>> w/ environment variable pick up. This would ultimately benefit those > who > >>>> are trying to understand how to build Heron and what artifacts are > >> brought > >>>> into the binary. > >>>> > >>>> > >>> Agreed. The scripts could be refactored/simplifed further. > >>> > >>> > >>> > >>>> We must do a careful license review of everything included in a > Binary. > >>>> If some of the binary artifacts going to the maven repository are much > >>>> smaller then we should discuss these separately. > >>>> > >>>> Until then just make Source releases. > >>>> > >>> > >>> So it means docker images and those convenience binary packages are not > >>> allowed on github and dockerhub? > >> > >> NO! You are missing the point. I have not been clear. We have to know > what > >> is inside of these packages before they are allowed! We have to go > through > >> a process to confirm that there are no disallowed licenses and that > proper > >> notice for certain licenses are followed. It is tedious, but it is > required. > >> > >> http://www.apache.org/legal/release-policy.html > >> > >> Here is the guide to understand if a license is allowed. > >> > >> http://www.apache.org/legal/resolved.html > >> > >> For example, Apache Releases must not include GPL! > >> > >>> > >>> So the action items for the binary packages are: > >>> 1. remove them from github, resume the 0.20.1 rc2 vote with updated > info. > >>> 2. optimize the binary package sizes. > >>> 3. request permission to uploaded them to Apache dist repo. > >>> 4. license review > >> > >> 4. is 1.5 > >> > >>> > >>> > >>> > >>>> > >>>> BTW - The apacheheron Docker Hub still appears to be from the project > >> and > >>>> Apache and that means it is not allowed unless it can be VOTED on. > >>>> > >>> > >>> My understanding is: > >>> - remove the docker image from apacheheron > >>> - wait for the works on the binary packages are done. > >>> - build and publish to apache docker hub. > >> > >> That would be preferred. > >> > >> Regards, > >> Dave > >> > >>> > >>> > >>> > >>>> > >>>> Please see the VP, Legal and VP, Brand comments on > >>>> https://issues.apache.org/jira/browse/LEGAL-427 > >>>> > >>>> (This is a better and more direct answer than on > >>>> https://issues.apache.org/jira/browse/LEGAL-270 ) > >>>> > >>>> > >>> > >>> > >>>> Does this make sense? > >>>> > >>> > >>> Yeah. Thanks. > >>> > >>> > >>>> Regards, > >>>> Dave > >>>>> > >>>>> > >>>>>> > >>>>>>> > >>>>>>> I thought maven artifacts are on repository.apache.org and source > >>>>>> release > >>>>>>> (may include binary release as well in future) should be in > >>>>>> dist.apache.org. > >>>>>>> Seems I am wrong. I can add the artifacts to dist.apache.org. > >>>>>> > >>>>>> All released artifacts should be on dist.apache.org < > >>>>>> http://dist.apache.org/> first in dev and once the vote is approved > >>>> then > >>>>>> they can be moved. > >>>>>> > >>>>>> For repository.apache.org <http://repository.apache.org/> there is > an > >>>>>> ability to stage, but it may be that you burn a release version if > the > >>>> vote > >>>>>> fails. > >>>>>> > >>>>>> My suggestion is that we wait to put deploy packages to maven / > >>>>>> repository.apache.org <http://repository.apache.org/> until the > vote > >> is > >>>>>> completed. > >>>> > >>>> This is just a suggestion on my part. > >>>> > >>>>>> > >>>>> > >>>>> Ok. Sounds good. Thanks. > >>>>> > >>>>> Also, how about the convenience binary and docker packages? Just to > >>>> confirm > >>>>> that they should or should not be built before the vote? > >>>>> > >>>>> > >>>>>> The VOTE thread should be: > >>>>>> (0) KEYS path - can already update the release location. > >>>>>> (1) For each artifact on dist. > >>>>>> - URL for artifact > >>>>>> - URL for asc signature > >>>>>> - URL for SHA512 hash > >>>>>> > >>>>>> It should be very clear and in plain text. > >>>>>> > >>>>>> It would be helpful on the binary artifacts to make sure there are > >> clear > >>>>>> build instructions. > >>>>>> > >>>>> > >>>>> Got it. > >>>>> > >>>>> > >>>>>> We never discussed the large binary release. > >>>>>> > >>>>>> > >>>>> Right. Currently we are keeping these files in github for now and we > >> will > >>>>> try to move them to Apache dist after reducing the file sizes in > >> future. > >>>>> > >>>>> > >>>>> > >>>>>>> > >>>>>>> Is there anything else we are missing? > >>>>>>> > >>>>>>> Thanks in advance. > >>>>>> > >>>>>> Regards, > >>>>>> Dave > >>>>>> > >>>>>>> > >>>>>>> On Mon, Apr 1, 2019 at 2:17 PM Ning Wang <[email protected]> > >> wrote: > >>>>>>> > >>>>>>>> And - general@incubator mailing list. > >>>>>>>> > >>>>>>>> On Mon, Apr 1, 2019 at 1:53 PM Ning Wang <[email protected]> > >>>> wrote: > >>>>>>>> > >>>>>>>>> Ok. Thanks! > >>>>>>>>> > >>>>>>>>> On Mon, Apr 1, 2019 at 11:55 AM Dave Fisher < > [email protected] > >>> > >>>>>>>>> wrote: > >>>>>>>>> > >>>>>>>>>> -1 - we need to carefully discuss this on dev@heron. > >>>>>>>>>> > >>>>>>>>>> I seem to be the only Heron Mentor paying attention. We need > more > >>>> than > >>>>>>>>>> me! > >>>>>>>>>> > >>>>>>>>>> (1) I cannot really follow this email > >>>>>>>>>> (2) We still need to discuss the docker hub image. (I suggest > that > >>>>>> this > >>>>>>>>>> be unofficial for this round.) > >>>>>>>>>> (3) The binaries on repository.apache.org < > >>>>>> http://repository.apache.org/> > >>>>>>>>>> are not on dist.apache.org <http://dist.apache.org/>. > >>>>>>>>>> > >>>>>>>>>> Apologies, let’s rewind what is included for this release. It > >> needs > >>>> to > >>>>>>>>>> be discussed on dev@ in advance. > >>>>>>>>>> > >>>>>>>>>> Regards, > >>>>>>>>>> Dave > >>>>>>>>>> > >>>>>>>>>>> On Apr 1, 2019, at 11:08 AM, Ning Wang <[email protected]> > >>>> wrote: > >>>>>>>>>>> > >>>>>>>>>>> *Hello, dear IPMC members,This is a call for a vote to release > >>>> Apache > >>>>>>>>>> Heron > >>>>>>>>>>> (Incubating) version 0.20.1.The Apache Heron Community has > voted > >> to > >>>>>>>>>> make > >>>>>>>>>>> the Heron Release 0.20.1-incubating release. We kindly request > >> the > >>>>>>>>>>> Incubator PMC members review and vote on this incubator > >> release.The > >>>>>> dev > >>>>>>>>>>> voting thread is > >>>>>>>>>>> here: > >>>>>>>>>> > >>>>>> > >>>> > >> > https://lists.apache.org/thread.html/7c61de9884bda8f95b798b40ce0bb90b7c768e05f1a90d45e164a7cf@%3Cdev.heron.apache.org%3E > >>>>>>>>>>> < > >>>>>>>>>> > >>>>>> > >>>> > >> > https://lists.apache.org/thread.html/7c61de9884bda8f95b798b40ce0bb90b7c768e05f1a90d45e164a7cf@%3Cdev.heron.apache.org%3E > >>>>>>>>>>> Apache > >>>>>>>>>>> Heron(incubating) is a realtime, distributed, fault-tolerant > >> stream > >>>>>>>>>>> processing engine. This release include source code, maven > >>>> artifacts. > >>>>>>>>>>> Convenience binary packages are also included but not relevant > >> for > >>>>>>>>>> voting > >>>>>>>>>>> purposes.The tag to be voted upon:0.20.1-incubating-rc2 > >>>>>>>>>>> (e6134da336fa290fa1b40972bc747a7507948d8a)The full list of > >> changes > >>>>>> and > >>>>>>>>>>> release notes are available > >>>>>>>>>>> at: > >>>>>>>>>> > >>>>>> > >>>> > >> > https://github.com/apache/incubator-heron/releases/tag/0.20.1-incubating-rc2 > >>>>>>>>>>> < > >>>>>>>>>> > >>>>>> > >>>> > >> > https://github.com/apache/incubator-heron/releases/tag/0.20.1-incubating-rc2 > >>>>>>>>>>> Source > >>>>>>>>>>> files can be found in dist.apache.org <http://dist.apache.org> > >>>>>>>>>>> site: > >>>>>>>>>> > >>>>>> > >>>> > >> > https://dist.apache.org/repos/dist/dev/incubator/heron/heron-0.20.1-incubating-candidate-2/ > >>>>>>>>>>> < > >>>>>>>>>> > >>>>>> > >>>> > >> > https://dist.apache.org/repos/dist/dev/incubator/heron/heron-0.20.1-incubating-candidate-2/ > >>>>>>>>>>> Docker > >>>>>>>>>>> image is available at: > >>>>>> https://hub.docker.com/r/apacheheron/heron/tags > >>>>>>>>>>> <https://hub.docker.com/r/apacheheron/heron/tags>The generated > >>>>>>>>>> packages, > >>>>>>>>>>> including maven artifacts, installers and docker image are > >>>> available > >>>>>>>>>> here > >>>>>>>>>>> on GitHub: > >>>>>>>>>>> < > >>>>>>>>>> > >>>>>> > >>>> > >> > https://dist.apache.org/repos/dist/dev/incubator/heron/heron-0.20.0-incubating-candidate-5/ > >>>>>>>>>>> > >>>>>>>>>> > >>>>>> > >>>> > >> > https://github.com/apache/incubator-heron/releases/tag/0.20.1-incubating-rc2 > >>>>>>>>>>> < > >>>>>>>>>> > >>>>>> > >>>> > >> > https://github.com/apache/incubator-heron/releases/tag/0.20.1-incubating-rc2 > >>>>>>>>>>> Source > >>>>>>>>>>> SHA-512 > >>>>>>>>>>> > >>>>>>>>>> > >>>>>> > >>>> > >> > checksums:c47fc8c228b5543f94dcf8fb5eb0f8083e84602be4f3b5ca52402b6e3e0f893434f971c317f44c3a69e78e597b96642fd69b5bec63e9a8eb7456c816f8e118f3 > >>>>>>>>>>> incubator-heron-0.20.1-incubating-rc2.tar.gzArtifacts are > >> published > >>>>>>>>>>> to:API: > >>>>>>>>>>> > >>>>>>>>>> > >>>>>> > >>>> > >> > https://repository.apache.org/content/repositories/staging/org/apache/heron/heron-api/0.20.1-incubating-rc2/ > >>>>>>>>>>> < > >>>>>>>>>> > >>>>>> > >>>> > >> > https://repository.apache.org/content/repositories/staging/org/apache/heron/heron-api/0.20.1-incubating-rc2/ > >>>>>>>>>>> SPI: > >>>>>>>>>>> > >>>>>>>>>> > >>>>>> > >>>> > >> > https://repository.apache.org/content/repositories/staging/org/apache/heron/heron-spi/0.20.1-incubating-rc2/ > >>>>>>>>>>> < > >>>>>>>>>> > >>>>>> > >>>> > >> > https://repository.apache.org/content/repositories/staging/org/apache/heron/heron-spi/0.20.1-incubating-rc2/ > >>>>>>>>>>> Storm > >>>>>>>>>>> API: > >>>>>>>>>>> > >>>>>>>>>> > >>>>>> > >>>> > >> > https://repository.apache.org/content/repositories/staging/org/apache/heron/heron-storm/0.20.1-incubating-rc2/ > >>>>>>>>>>> < > >>>>>>>>>> > >>>>>> > >>>> > >> > https://repository.apache.org/content/repositories/staging/org/apache/heron/heron-storm/0.20.1-incubating-rc2/ > >>>>>>>>>>> Simulator: > >>>>>>>>>>> > >>>>>>>>>> > >>>>>> > >>>> > >> > https://repository.apache.org/content/repositories/staging/org/apache/heron/heron-simulator/0.20.1-incubating-rc2/ > >>>>>>>>>>> < > >>>>>>>>>> > >>>>>> > >>>> > >> > https://repository.apache.org/content/repositories/staging/org/apache/heron/heron-simulator/0.20.1-incubating-rc2/ > >>>>>>>>>>> The > >>>>>>>>>>> artifacts are signed with PGP key 293DB72F865688D1, > corresponding > >>>> to > >>>>>>>>>>> [email protected] <[email protected]>, that can be found in keys > >>>>>>>>>>> file: > >>>> https://dist.apache.org/repos/dist/release/incubator/heron/KEYS > >>>>>>>>>>> < > https://dist.apache.org/repos/dist/release/incubator/heron/KEYS > >>>>>>>>>>> Please > >>>>>>>>>>> download the source package, and follow the compiling > >>>>>>>>>>> guide( > >>>>>>>>>> > >>>>>> > >>>> > >> > https://apache.github.io/incubator-heron/docs/developers/compiling/compiling/ > >>>>>>>>>>> < > >>>>>>>>>> > >>>>>> > >>>> > >> > https://apache.github.io/incubator-heron/docs/developers/compiling/compiling/ > >>>>>>>>>>> )to > >>>>>>>>>>> build and run the Heron locally. Note that currently Bazel > 0.14.1 > >>>> is > >>>>>>>>>>> required to build this version.The vote will be open for at > least > >>>> 72 > >>>>>>>>>> hours > >>>>>>>>>>> or until the necessary number of votes are reached.Please vote > >>>>>>>>>>> accordingly:[ ] +1 approve[ ] +0 no opinion[ ] -1 disapprove > with > >>>> the > >>>>>>>>>>> reasonThanks,The Apache Heron (Incubating) Team* > >>>>>>>>>> > >>>>>>>>>> > >>>>>> > >>>>>> > >>>> > >>>> > >> > >> > >
