My two cents: - The presence of 1.11.0 on the download page means that 1.11.0 has been de facto released, announcement or no announcement. The announcement doesn't add any additional hurt, so I think we should move forward with it. - Separately, let's also announce the licensing issue and say that we're working to rectify it in all affected release lines. To that end, we will release 1.10.1 and 1.11.1 with the fix ASAP. The guidance offered in LEGAL-487 so far seems to corroborate this. - When 1.12.0 is released several months hence, it will be de facto compliant by virtue of whatever fix first landing in master and then being backported to branch-1.10.x and branch-1.11.x. - I don't know whether we should call this out as a "known issue", as that's typically been used for technical issues rather than legal ones. Would be curious to hear what others think, and maybe you can solicit further feedback in LEGAL-487?
On Fri, Nov 1, 2019 at 4:08 PM Alexey Serbin <[email protected]> wrote: > > Hi, > > As Adar recently found, both in Kudu 1.10.0 and Kudu 1.11.0 (due to be > announced today) the kudu-binary artifact contains libnuma library which is > under LGPL v.2.1, but it's against the ASF 3rd-party license policy: > https://www.apache.org/legal/resolved.html#category-x > > See https://issues.apache.org/jira/browse/KUDU-2990 for details. > > Apart from the technical discussion on how to resolve that, there are few > process-related questions like: > 1. How to address the issue in Kudu 1.11.0, which is de facto already out > of the door? > 2. Should we address the issue in upcoming Kudu 1.12.0 release (about 3-4 > month in the future) or implement the solution and release it with Kudu > 1.11.1 ASAP? > 3. If choosing the latter option from the previous item, should the > announcement of the new Kudu 1.11.0 release be postponed/muted, so we > announce only when Kudu 1.11.1 is out with KUDU-2990 addressed? > > Given the timing and the fact that Kudu 1.11.0 artifacts are already > published, I think one of the possible paths forward is to proceed with the > announcement of Kudu 1.11.0 release as planned, but add an item about > KUDU-2990 into the 'known issues' document, so it will be available at the > Apache Kudu website: > https://kudu.apache.org/docs/known_issues.html#_other_known_issues > > What do you think? Your feedback is appreciated. > > > Best regards, > > Alexey
