[I hope this finally gets to the list] On 06.03.2015 09:18, Dmitriy Setrakyan wrote: > I have uploaded the new 1.0 RC2 release to: > http://people.apache.org/~dsetrakyan/ignite-1.0.0-RC2/ > > The following changes have been made: > > - The RAT issues found before were fixed. > - Documentation folder for Markdown documentation was added under docs/wiki > folder (note that these files do not include Apache License header, should > they?) > > Please start voting. > > +1 - to accept the RC2 as Apache Ignite (incubating) 1.0 > 0 - don't care either way > -1 - DO NOT accept RC2 as Apache Ignite (incubating) 1.0 (explain why)
-1 for the reasons described below. 1. I can't find which tag or commit the release package was made from. Maybe I'm not looking in the right places. 2. I couldn't find a rat-excludes file in the release package or on the master branch, so I made a best guess at which files would be listed there; but RAT flags many files in ./docs/wiki and ./modules that do not have a license header or have invalid/unknown licenses. I'm quite surprised by the number of non-Apache licensed files in ./modules. I believe we talked about optional dependencies in the past (see, e.g., Message-ID: <[email protected]>), buy I'm not sure if it was clear enough: * It is perfectly OK to have code that depends on libraries that have an incompatible license (GPL is one such, for example), as long as the dependency is optional * It is fine to have the dependency itself in the repository for the convenience of developers; however, * Such dependencies must not be packaged in the release. Anything in the source package must be listed in NOTICE and LICENSE; code under GPL or similar incompatible licenses must *not* be distributed in an Apache release. The build system can download the sources and/or libs/jars if the user explicitly requests them. The build instructions, or the build scripts themselves, should clearly inform the user that, by using such extensions, the license terms of the compiled binary may change significantly from the provisions of the ALv2. Example: Subversion has the provision to build a repository back-end that uses Berkeley DB. BDB was originally licensed under GPL, so Subversion's 'configure' script must be explicitly given the opion '--with-berkeley-db' to use it, even if it can find it in the default includes/libs location. Since version 6, BDB's license has changed, so we added another flag, '--enable-bdb6'. If the user invokes configure --with-berkeley-db but without the additional flag, and configure finds BDB 6+, it prints the following warning: Berkeley DB 6 was found, but not used. Please re-run configure (see ./config.nice) with the '--enable-bdb6' flag to use it, or explicitly specify '--disable-bdb6' or '--without-berkeley-db' to silence this warning. Please note that some versions of Berkeley DB 6+ are under the GNU Affero General Public License, version 3: https://oss.oracle.com/pipermail/bdb/2013-June/000056.html The AGPL-3.0 licence may impose special requirements for making available source code of server-side software. The text of the licence is: https://www.gnu.org/licenses/agpl-3.0.html http://opensource.org/licenses/AGPL-3.0 All of the above means that many parts of the ./modules directory should be excluded from the source package, and these optional dependencies should not be included in any binaries you provide. Exactly which licenses are incompatible is described here: http://www.apache.org/legal/resolved.html 3. I'm trying to understand the intent of the ./licenses directory. The files there seem to be instructions for IDEs to add the required license headers to source files. I don't think this should be part of the packaged source release, though of course there's nothing wrong if it is. 4. Finally, I didn't find any instructions for building Ignite from source, only installation instructions that assume it's already built. Whilst telling people how to build from source isn't strictly required, heh, Iwould expect to find at least a tiny hint. -- Brane
