Filed https://issues.apache.org/jira/browse/PHOENIX-3084 for the source release and https://issues.apache.org/jira/browse/PHOENIX-3091 for the binary release.

I tried to give a general overview on what needs to happen in the parent issue. I am also happy to help fix this, explain in greater detail why it's presently wrong, and/or help others understand how to fix it themselves.

Sean Busbey wrote:
Ooof. It's always rough when this stuff gets out of sync. FWIW, as a
non-binding community participant, I'd label this stuff a blocker on
further releases. It's too easy to let it slip and is one of the few
mandatory responsibilities we get from the board as a project.

In my prior experience, the key to avoiding this being a months-long
release dry spell (as happened to HBase, Hadoop, and Avro) is managing
to parallelize the work of getting things resolved. It also helps to
get an idea of what the PMC considers must-do for compliance and what
they consider nice-to-have. For some that has been automation and
correct marking on an artifact-by-artifact basis (the strictest
interpretation of the ASF policy), for others it has been something
manual that's sufficient to meet the requirements of all upstream
licenses (the loosest interpretation of the ASF policy).

Perhaps a [DISCUSS] thread in parallel to Josh filing JIRAs would be
helpful? Right now it looks like all but the Apache Phoenix
4.8.0-HBase-1.1 RC have sufficient votes to pass, so the separate
thread might help get better PMC attention to the issue.

On Sun, Jul 17, 2016 at 2:42 PM, Andrew Purtell <andrew.purt...@gmail.com> wrote:
A partial prescription:

- Looks like no updates to LICENSE or NOTICE were done when the trace app GSoC 
project was merged, hence the issues with bootstrap and other bundled 
JavaScript. Time to do a top to bottom review?

- Prune RAT exclusions to the minimum and fix reported issues.

- Over on HBase we also faced a big divergence in what is included in source 
and binary convenience artifacts, due to the ton of extra deps that come with 
upstream binaries and runtime concerns like embedded UIs. We fixed this through 
maven based automated assembly of binary LICENSE and NOTICE files using 
templates and velocity macros. Sean Busbey did the lion's share of the work. 
Refer to https://issues.apache.org/jira/browse/HBASE-14085 . It was a 
significant effort.



On Jul 17, 2016, at 10:53 AM, Josh Elser <els...@apache.org> wrote:

-1 (non-binding) from me with my Phoenix hat on (avoiding putting on the ASF 
member hat for now). Lots of wrong licensing stuff in here -- as in, this 
should very definitely not go out as a release. I hope the Phoenix PMC steps up 
to -1 this release on their own.

*** Source release:

Good:
* MD5 and GPG sig are fine
* KEYS is good
* Did not find any binary files
* Was able to build the source code

Bad:
* SHA1 xsum is wrong. It looks like complete nonsense to me, but I can't find 
the appropriate xsum in that file (which was 
64208164580f3467cd2c8b51c0d9f8ac37f0c671)
* Lots of "Copyright ASF" in Java source files which should not be there.
* No license headers on any Apache Phoenix JS files. Looks like these are 
completely ignored by the apache-rat check which is very bad.
  - All properties files are ignored. They can and should have license headers 
(./phoenix-pherf/src/test/resources/pherf.test.properties is missing headers 
now, and is just garbled)
* Would be good to have the artifact name be "apache-phoenix-$version.tar.gz" 
as that's the project's proper name.

* NOTICE problems
  - No Apache Phoenix copyright (should be 20XX-2016)
  - Source release does not include HBase, Hadoop, or Commons, does it? Do we 
have copied code from these projects in Phoenix source?
  - JUnit, SLF4j, JLine, and Antlr are not included in the source release, they 
do not belong here.
  - Sqlline entry has the wrong website and doesn't belong in NOTICE (should go 
in LICENSE)

* LICENSE problems
  - ENTIRELY NO MENTION of tons of libraries:
     + Bootstrap (Twitter with MIT license)
     + JQuery (JQuery Foundation with MIT license)
     + AngularJS and Angular-Mocks 1.3.15 (Google, inc. with MIT license)
     + Angular-Routes 1.3.8 (Google, inc with MIT license)
     + Google Chart Api Directive Module for AngularJS (Nicolas Bouillon with 
MIT)
     + angular-ui-bootstrap (http://angular-ui.github.io/bootstrap/ with MIT)
     + Sqlline (Marc Prud'hommeaux with BSD)
     + Glyphicons (http://glyphicons.com with CC-By 3.0)
     + Fontawesome fonts (http://fontawesome.io with SIL Open Font license -- 
which falls into category-b for the ASF for those playing along)


*** Binary release:

Good:
* MD5 and GPG sig are fine

Other:
* I'm not sure how to handle the L&N for the tarball itself (since they just contain JARs which 
are in themselves a "binary release"). e.g. should the top-level L&N files contain the 
aggregate L&N for all JARs in the binary tarball?

Bad:
* SHA1 is again garbled (I computed 817b68246f8d9c9fc5317660ad1021752996d1f1)

NOTICE problems (tarball):
  - Wrong Apache Phoenix copyright (2014, not 20XX-2016)
  - Completely different sqlline copyright/license notice than in source 
release! Which one is correct?? Also, license information belongs in LICENSE, 
not in NOTICE.
  - I would strongly bet that Apache Hadoop and HBase both have information in their 
NOTICE files which requires propagation (e.g. things other than "Copyright ASF" 
which is not required).

LICENSE problems (tarball):
  - See all of the same issues from the LICENSE problems in the source-release.

For phoenix-client.jar:
  - Multiple LICENSE files lying around but nothing which seems accurate for 
the binary artifact being released -- this information should be self-contained 
in one file (commonly META-INF/{LICENSE,NOTICE}).
  - Not going to enumerate all of the issues, but I see there is at least one 
issue in HSQLDB as it's BSD license and not included in LICENSE. I'm guessing 
this is missing tons of necessary entries.

For phoenix-tracing-webapp-4.8.0-HBase-1.2-runnable.jar:
  - Absolutely no mention of the bundled javascript libraries as outlined in 
the source-release.
  - (A hunch) missing a necessary entry for UnixCrypt per 
https://github.com/eclipse/jetty.project/blob/jetty-8.1.16.v20140903/NOTICE.txt.
 There's no git tag for the 8.1.7 version we use.

For now, I'm going to omit going through the rest, but I have lots of fear over 
the other shaded jars being similarly inadequate.

- Josh

Ankit Singhal wrote:
Hello Everyone,

This is a call for a vote on Apache Phoenix 4.8.0-HBase-1.2 RC0. This is
the next minor release of Phoenix 4, compatible with Apache HBase 1.2.
The release includes both a source-only release and a convenience binary
release.

This release has feature parity with our other pending 4.8.0 releases and
includes the following improvements:
- Local Index improvements[1]
- Phoenix hive integration[2]
- Namespace mapping support[3]
- Many VIEW enhancements[4]
- Offset support for paging queries[5]
- 100+ Bugs resolved[6]
- Many performance enhancements (related to StatsCache, distinct, Serial
query with Stats etc)

The source tarball, including signatures, digests, etc can be found at:
https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/src/

The binary artifacts can be found at:
https://dist.apache.org/repos/dist/dev/phoenix/phoenix-4.8.0-HBase-1.2-rc0/bin/

For a complete list of changes, see:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334393&projectId=12315120

Release artifacts are signed with the following key:
https://people.apache.org/keys/committer/ankit.asc

KEYS file available here:
https://dist.apache.org/repos/dist/dev/phoenix/KEYS

The hash and tag to be voted upon:
https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=commit;h=c90232fbfaaf8e847703a2be3f5d147b976e2138
https://git-wip-us.apache.org/repos/asf?p=phoenix.git;a=tag;h=refs/tags/v4.8.0-HBase-1.2-rc0

Vote will be open until at least, Mon, Jul 18th @ 5pm PST. Please vote:

[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)

Thanks,
The Apache Phoenix Team

[1] https://issues.apache.org/jira/browse/PHOENIX-1734
[2] https://issues.apache.org/jira/browse/PHOENIX-2743
[3] https://issues.apache.org/jira/browse/PHOENIX-1311
[4] https://issues.apache.org/jira/browse/PHOENIX-1508
[5] https://issues.apache.org/jira/browse/PHOENIX-2722
[6] https://issues.apache.org/jira/browse/filter=12337975#
