Thanks for the feedback. Tim. See my comments inline below.
@Ellison lets rollback the release. On Mon, Aug 15, 2016 at 7:35 AM, Tim Ellison <[email protected]> wrote: > On 14/08/16 04:19, Ellison Anne Williams wrote: > > Hi, > > > > This is the vote for release 0.1.0 of Apache Pirk (incubating). > > > > The vote will be going for at least 72 hours and will be closed on > Wednesday > > , > > August 16, 2016. > > > > The artifacts can be downloaded here: https://repository.apache. > > org/content/repositories/orgapachepirk-1001/org/apache/ > > pirk/apache-pirk/0.1.0-incubating/ > > > > All JIRAs completed for this release are tagged with 'FixVersion = > 0.1.0'. > > You can view them here: https://issues.apache.org/jira > /browse/PIRK-47?jql= > > project%20%3D%20PIRK%20AND%20fixVersion%20%3D0.1.0 > > > > The artifacts have been signed with Key : 1FD8849B > > > > Please vote accordingly: > > > > [ ] +1, accept RC as the official 0.1.0 release > > [ ] +0, I don't care either way, > > [ ] -1, do not accept RC as the official 0.1.0 release because... > > > > Thanks! > > > > Ellison Anne > > > > Wow, you guys have had a busy weekend. > > Looking at the files in that directory... > > (1) Principal release artefact: > apache-pirk-0.1.0-incubating-source-release.zip > - sig & sums check ok. > - EAW's pub key is in LDAP, KEYS file, etc. > - build and test ok on Oracle Java 8b91, RHEL6. > - Notice, License files ok. > - RAT checks pass. > > (2) JavaDocs: > apache-pirk-0.1.0-incubating-javadoc.jar > - sig and sums check ok. > - Notice and Licence files ok (in META-INF/). > - JavaDocs render ok. > > (3) Maven pom file: > - sig and sums check ok. > - references to license and notices ok. > - not checked building with it, but oking > as minimal diff with project pom. > > (4) Dependency combined binary convenience: > apache-pirk-0.1.0-incubating-exe.jar > - sig and sums check ok. > - not tested > ** notices and license files confusion. > ** not passing on notices for included dependencies. > > jar contains > /LICENSE-junit.txt > JUnit license > /LICENSE.txt > BSD license (from Hamcrest) > /license/* > contains ALv2, and other license and NOTICE file for XML APIs. > /META-INF/LICENSE > ALv2 > /META-INF/LICENSE.txt > ALv2 (with reference to org.apache.commons.math3.ml.neuralnet) > /META-INF/license/* > licenses for a variety of dependencies, including > LICENSE.jboss-logging.txt -> LGPLv2 > /META-INF/NOTICE > Pirk (only) notice file. > /META-INF/NOTICE.txt > Commons Math notice file. > > (5) Pirk-only Source JAR > apache-pirk-0.1.0-incubating-sources.jar > - sig and sums check ok. > - Notice and Licence files ok (in META-INF/). > - Contains JMH generated source code > org.apache.pirk.benchmark.generated.* > org.openjdk.jmh.infra.generated.* > ** Are we clear on the license for these files? > ** Fails RAT checks due to unspecified licenses on these files. > - Not tried compiling / further testing. > > (6) Pirk-only Binary JAR > apache-pirk-0.1.0-incubating.jar > - sig and sums check ok. > - Notice and Licence files ok (in META-INF/). > - FYI contains an empty directory (/org/openjdk/). > - FYI contains a subset of test material. > - No further testing. > > > I have to vote -1 (binding) on these artefacts due to the issues > identified in (4) and possibly (5). > > Notably: > (i) we indicate there is LGPLv2.1 material in this release. If true > this is contrary to ASF's policy [1], if not then the license text > should be removed. > > (ii) we are not passing through the required NOTICES for Pirk's > dependencies as required by their terms. > Definitely needs to be fixed. > > Pirk's transitive JAR has deep dependencies, so if we are redistributing > them we must include their notice files too. Our JAR has a number of > NOTICE files, but they are not comprehensive. Better to have a single > complete NOTICE file, e.g. [2]. > > (iii) we should clarify the licence of generated JMH files, and exclude > them for the RAT check or remove them from the artefacts as required. > These are being excluded from generated binary jar, guess they need to be excluded from the sources jar too. > > [1] http://www.apache.org/legal/resolved.html#category-x > [2] https://github.com/apache/spark/blob/master/NOTICE > > > p.s. I appreciate that (4) is potentially a significant effort to > resolve, but the convenience JAR is not essential to a release, so we > may consider dropping that from the release artefacts this time round. > Agree, I guess the reason we are even creating that uber artifact could be for Hadoop jobs. Let's drop it from this release and definitely fix it for the next. Just a thought. > > Regards, > Tim >
