Joe, Now is certainly the time to address any concerns like this so no worries if false.
For item #1) The source release cannot have any binaries. A convenience binary build generally is comprised on producing binary artifacts and linking them with dependent artifacts much like happens as maven pulls in dependencies. Officially apache projects only do source releases. The binary convenience artifacts some projects, like ours, provide is truly just a convenience. We must take care to ensure that the resulting items are properly licensed and such but the official 'release' is the source code only. For item #2) The tools used to conduct the build are not necessary to call out nor are dependencies like test dependencies, for example. The resulting artifacts in our binary build do need to be accounted for though and yes they do need to be ASLv2 compatible. The LICENSE/NOTICE within nifi-assembly is where the appropriate LICENSE/NOTICE lives for such things. Are there any specific artifacts being pulled in that you're finding problematic? We should definitely get those identified and addressed. Thanks Joe On Fri, Jul 15, 2016 at 5:25 PM, Joe Skora <[email protected]> wrote: > Dear devs, > > I've looking into the 1.0.0 build processes and I noticed a couple things > that I don't understand. > > 1. During the build, nifi-web-ui (and another modules) use NodeJS. This > entails the "frontend-maven-plugin" actually downloading and executing > binary code. That's not something I'd normally expect in a Maven build, > especially when the downloads do not come from repositories referenced in > the NiFi build configuration. > > Is installing a foreign binary and executing it during a build a > problem under Apache? > > 2. The build uses NodeJS, NPM, and Bower (maybe more) but I cannot find any > references to those tools in the license files. Node appears to have it's > own license, with a good bit of stuff rolled in as well. If the relevant > licenses are not Apache compatible this could be a problem. > > Are there any license whisperers who can look at how these need to be > reconciled? > > Sorry if I'm sounding false alarms, but this caught me off guard. I > apologize if missed a prior discussion of this on the dev list. > > Regards, > Joe
