On 14/08/16 04:19, Ellison Anne Williams wrote:
> Hi,
>
> This is the vote for release 0.1.0 of Apache Pirk (incubating).
>
> The vote will be going for at least 72 hours and will be closed on Wednesday,
> August 16, 2016.
>
> The artifacts can be downloaded here:
> https://repository.apache.org/content/repositories/orgapachepirk-1001/org/apache/pirk/apache-pirk/0.1.0-incubating/
>
> All JIRAs completed for this release are tagged with 'FixVersion = 0.1.0'.
> You can view them here:
> https://issues.apache.org/jira/browse/PIRK-47?jql=project%20%3D%20PIRK%20AND%20fixVersion%20%3D0.1.0
>
> The artifacts have been signed with Key : 1FD8849B
>
> Please vote accordingly:
>
> [ ] +1, accept RC as the official 0.1.0 release
> [ ] +0, I don't care either way,
> [ ] -1, do not accept RC as the official 0.1.0 release because...
>
> Thanks!
>
> Ellison Anne
>
Wow, you guys have had a busy weekend.

Looking at the files in that directory...

(1) Principal release artefact:
    apache-pirk-0.1.0-incubating-source-release.zip
  - sig & sums check ok.
  - EAW's pub key is in LDAP, KEYS file, etc.
  - build and test ok on Oracle Java 8b91, RHEL6.
  - Notice, License files ok.
  - RAT checks pass.

(2) JavaDocs:
    apache-pirk-0.1.0-incubating-javadoc.jar
  - sig and sums check ok.
  - Notice and Licence files ok (in META-INF/).
  - JavaDocs render ok.

(3) Maven pom file:
  - sig and sums check ok.
  - references to license and notices ok.
  - not checked building with it, but oking
    as minimal diff with project pom.

(4) Dependency combined binary convenience:
    apache-pirk-0.1.0-incubating-exe.jar
  - sig and sums check ok.
  - not tested
  ** notices and license files confusion.
  ** not passing on notices for included dependencies.
  jar contains
    /LICENSE-junit.txt
        JUnit license
    /LICENSE.txt
        BSD license (from Hamcrest)
    /license/*
        contains ALv2, and other license and NOTICE file for XML APIs.
    /META-INF/LICENSE
        ALv2
    /META-INF/LICENSE.txt
        ALv2 (with reference to org.apache.commons.math3.ml.neuralnet)
    /META-INF/license/*
        licenses for a variety of dependencies, including
        LICENSE.jboss-logging.txt -> LGPLv2
    /META-INF/NOTICE
        Pirk (only) notice file.
    /META-INF/NOTICE.txt
        Commons Math notice file.

(5) Pirk-only Source JAR
    apache-pirk-0.1.0-incubating-sources.jar
  - sig and sums check ok.
  - Notice and Licence files ok (in META-INF/).
  - Contains JMH generated source code
        org.apache.pirk.benchmark.generated.*
        org.openjdk.jmh.infra.generated.*
  ** Are we clear on the license for these files?
  ** Fails RAT checks due to unspecified licenses on these files.
  - Not tried compiling / further testing.

(6) Pirk-only Binary JAR
    apache-pirk-0.1.0-incubating.jar
  - sig and sums check ok.
  - Notice and Licence files ok (in META-INF/).
  - FYI contains an empty directory (/org/openjdk/).
  - FYI contains a subset of test material.
  - No further testing.
I have to vote -1 (binding) on these artefacts due to the issues
identified in (4) and possibly (5).

Notably:

(i) we indicate there is LGPLv2.1 material in this release. If true
this is contrary to ASF's policy [1], if not then the license text
should be removed.

(ii) we are not passing through the required NOTICES for Pirk's
dependencies as required by their terms.
Pirk's transitive JAR has deep dependencies, so if we are redistributing
them we must include their notice files too. Our JAR has a number of
NOTICE files, but they are not comprehensive. Better to have a single
complete NOTICE file, e.g. [2].

(iii) we should clarify the licence of generated JMH files, and exclude
them for the RAT check or remove them from the artefacts as required.

[1] http://www.apache.org/legal/resolved.html#category-x
[2] https://github.com/apache/spark/blob/master/NOTICE

p.s. I appreciate that (4) is potentially a significant effort to
resolve, but the convenience JAR is not essential to a release, so we
may consider dropping that from the release artefacts this time round.
Just a thought.

Regards,
Tim
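
The packaging problems reported for the convenience JAR in (4) can be checked mechanically before a vote. The following is an added example, not part of the original message or of the Pirk project: it inventories the licence and notice entries in a JAR, reports competing top-level LICENSE/NOTICE files, and flags entries that mention the LGPL. The sample JAR is constructed in memory; its entry names follow the listing in the message except where marked, and all file contents are placeholders.

```python
import io
import re
import zipfile
from collections import defaultdict

# Entries that look like licence or notice material, by file name or directory.
LEGAL_RE = re.compile(r"(^|/)(licen[cs]e|notice)[^/]*$|(^|/)licen[cs]e/", re.I)
# Assumption: any mention of the GNU Lesser GPL is worth a manual policy review.
LGPL_RE = re.compile(r"lgpl|lesser general public", re.I)

def audit_jar(jar_bytes):
    """Return (legal entries, competing top-level files per kind, LGPL suspects)."""
    legal, by_kind, lgpl = [], defaultdict(list), []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            name = info.filename
            if info.is_dir() or not LEGAL_RE.search(name):
                continue
            legal.append(name)
            kind = name.rsplit("/", 1)[-1].rsplit(".", 1)[0].upper().replace("LICENCE", "LICENSE")
            if kind in ("LICENSE", "NOTICE"):  # LICENSE, LICENSE.txt, META-INF/LICENSE ...
                by_kind[kind].append(name)
            head = jar.read(name)[:4096].decode("utf-8", "replace")
            if LGPL_RE.search(name) or LGPL_RE.search(head):
                lgpl.append(name)
    competing = {k: v for k, v in by_kind.items() if len(v) > 1}
    return sorted(legal), competing, lgpl

def build_sample_jar():
    """Constructed JAR: entry names follow the message, contents are placeholders."""
    entries = {
        "LICENSE-junit.txt": "JUnit license (placeholder)",
        "LICENSE.txt": "BSD license (placeholder)",
        "license/example-dependency.txt": "Apache License 2.0 (placeholder)",  # constructed name
        "META-INF/LICENSE": "Apache License 2.0 (placeholder)",
        "META-INF/LICENSE.txt": "Apache License 2.0 (placeholder)",
        "META-INF/license/LICENSE.jboss-logging.txt": "GNU LESSER GENERAL PUBLIC LICENSE (placeholder)",
        "META-INF/NOTICE": "Apache Pirk notice (placeholder)",
        "META-INF/NOTICE.txt": "Commons Math notice (placeholder)",
        "org/example/Example.class": "",  # constructed, not legal material
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, text in entries.items():
            jar.writestr(name, text)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_jar(build_sample_jar()))
```

To audit a real artefact, pass the bytes of the JAR file to `audit_jar`; a flagged entry is a prompt for manual review, not a licence determination.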