Hi Sebastian ,
I'm hoping that you can review the changes we made to Knox 0.3.1 RC4
based on your feedback.
The RC4 is staged at
https://dist.apache.org/repos/dist/dev/incubator/knox/knox-incubating-0.3.1/
The source is in the branch v0.3.1 of
https://git-wip-us.apache.org/repos/asf/incubator-knox.git
These are the steps that we have taken to address the issues you raised.
1) Removed the hadoop-examples.jar from the repo and built an equivalent
from source in the repo.
2) Removed the LICENSE and NOTICE files from gateway-release/home.
These now only
exist in the root of the repo.
3) The NOTICE file has been corrected to use "developed by" vs
"developed at".
4) The LICENSE file now contains a clarification that the non-Apache
licenses contained in
that file are for non-Apache binary dependencies included in the binary
release artifacts.
5) For our 0.4.0 release we are planning on adopting the model you have
used in JMeter
and possibly other projects where the LICENSE file references a
license/bin directory. We
didn't want to undertake that in the context of a late patch release RC.
Thanks for you insight here and I hope we are getting closer to having
everything correct.
Kevin.
On 12/2/13 4:29 PM, sebb wrote:
On 2 December 2013 20:44, Kevin Minder <[email protected]> wrote:
Sebb,
Thanks for your careful review. I'd like your continued insight into two
specific issues that you have raised.
WRT the NOTICE files in root vs gatway-release/home, this is actually an
issue that I struggled with when laying things out initially. We certainly
don't include the source for 3rd party products anywhere. This covers why
they are not mentioned in NOTICE at the top level of the source
repo/archive. The NOTICE file in gatway-release/home ends up in the root
of our binary distributions. This binary distribution does contain the
JARs for those 3rd party products. Therefore I thought I was following the
rules by having these two NOTICE files be different and represent the
actual content of the respective archives.
I see.
In which case it would be better if the files were called something
like NOTICE.binary or NOTICE_binary and copied to the appropriate file
names as part of the assembly descriptor. That would avoid any
possible confusion for end-users.
The binary NOTICE still has "developed by" when it should be "developed at".
It's important that the NOTICE file only contains required attributions.
See http://www.apache.org/dev/licensing-howto.html#mod-notice
It seems to me that some (most?) of the references are *not* required.
For example the ANTLR license should be covered by the inclusion of
the text in the LICENSE file. It does not also need to be in NOTICE.
Similarly for ASM, Bouncy Castle etc.
See the following page for more info on what licenses are permitted in
binary distributions:
http://www.apache.org/legal/resolved.html
For hadoop-examples.jar I understand your reaction. I would like to try
and justify the inclusion for this specific use case however. This JAR is
included for "ease of use", especially for first time users. Basically to
use Knox with Hadoop you need to have an existing Hadoop "application".
Our user's guide walks through an example of uploading and running this
sample Hadoop application. (It is not used at compile time at all). If we
don't check this into SCM and build it as part of Knox, that would create a
tight coupling between Knox and a specific Hadoop version only used to
create this post-install sample JAR file. I think about this similar to
including a sample JPEG in a image processor distribution. There you
wouldn't expect the JPEG to be build from source.
That's not a good analogy as jpegs are rarely built from source.
There has to be a better way to handle the Hadoop jar.
All that being said, we
certainly shouldn't have two copies, although fixing that will be an
interesting maven challenge.
Assembly descriptors allow files to be copied to a different place in
the archive.
This is trivial, so there is definitely no need for *two* copies.
AFAIK Maven also allows jars to be included from the local repo, so it
should be possible to remove the copies from the source entirely.
Thanks again for your continued feedback!
Kevin.
On Mon, Dec 2, 2013 at 3:24 PM, sebb <[email protected]> wrote:
On 2 December 2013 20:17, Larry McCay <[email protected]> wrote:
Thank you again, Sebb.
I am noting your new findings here and will fix them asap for the next
release.
I assume that your lack of an actual vote indicates that these fixes can
be
made in the next release and that you are not indicating that this RC
should be abandoned. Please let me know if this is an inappropriate
assumption.
Sorry, I should have said - I think the problems are blockers.
It's vital that the NOTICE and LICENSE files are correct for ASF releases.
So if I were the RM, I would want to redo the release.
On Mon, Dec 2, 2013 at 2:30 PM, sebb <[email protected]> wrote:
On 20 November 2013 16:09, larry mccay <[email protected]> wrote:
Hello All,
This is a call for a vote on Apache Knox Gateway 0.3.1 incubating.
A vote was held on developer mailing list and it passed with 3 +1's,
and
0
-1's or +0's and now
requires a vote on [email protected].
The [VOTE] thread can be found at:
http://mail-archives.apache.org/mod_mbox/incubator-knox-dev/201311.mbox/%3CCACRbFyjgLrCSahhtWWHK-%3DaeQFM4Oegbe3fQjs-RV2-TAnhdxA%40mail.gmail.com%3E
The release candidate is a zip archive of the sources in:
https://git-wip-us.apache.org/repos/asf/incubator-knox.git
Branch v0.3.1 (git checkout -b v0.3.1)
Tag:
https://git-wip-us.apache.org/repos/asf?p=incubator-knox.git;a=tag;h=5a907022dbc2b0a8534de47fe7b8c871c4f075f9
The NOTICE file is wrong:
https://git-wip-us.apache.org/repos/asf?p=incubator-knox.git;a=blob_plain;f=NOTICE;hb=61e85e0b89b415361159bb973d050bdd8ab92acb
The lines enclosed in == need to be removed.
"This product includes software developed by"
should be
"This product includes software developed at"
There is another NOTICE and LICENSE file at
gatway-release/home
These are completely different from the ones at the top-level, and
mention a lot of 3rd party products.
Does the source archive really contain all the 3rd party products as
source?
If so, then this needs to be in the NOTICE and LICENSE files at the
top-level of SCM and the source archive.
If not, the references need to be removed.
The N&L files must only relate to bits which are actually included in
the distribution (SCM/source archive/binary archive).
Source archive zip file and signature are available from:
https://dist.apache.org/repos/dist/dev/incubator/knox/knox-incubating-0.3.1/knox-incubating-0.3.1-src.zip
https://dist.apache.org/repos/dist/dev/incubator/knox/knox-incubating-0.3.1/knox-incubating-0.3.1-src.zip.asc
The source archive contains two copies of the binary archive
hadoop-examples.jar.
External binary dependencies should not be bundled in the source (nor
in the SCM).
Checksums of the source archive:
SHA1: 04bb11360f57c0431c30cfb181e3199868fe6053
The KEYS file can be found at:
https://dist.apache.org/repos/dist/dev/incubator/knox/knox-incubating-0.3.1/KEYS
The release changes file can be found at:
https://dist.apache.org/repos/dist/dev/incubator/knox/knox-incubating-0.3.1/CHANGES
The release has been signed with key (587C089B):
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x82F9C371587C089B
Vote will be open for 72 hours.
(a minimum of)
thanks,
--larry
Larry McCay
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity
to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified
that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender
immediately
and delete it from your system. Thank You.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
