-1 (binding) I don't think that the license documentation is sufficient. It looks like the LICENSE file for the source tarball was auto-generated from dependencies and doesn't document the difference between dependencies and sources that are included. There is at least one library, jersey-json, that is dual licensed with a category B license (CDDL 1.1) and a category X license (GPL v2). I don't _think_ that code from that project is included, but nothing tells me that and if there were code included in the source tarball, this would not be releasable under [ASF policy]( https://www.apache.org/legal/resolved.html).
The NOTICE file is also incomplete, most likely because the documentation is auto-generated. There are clear notices in the text of LICENSE, which is what the NOTICE file is intended for (so downstream projects have one place to look for legally required notices). That file must also be minimal, so I think it needs to be researched and curated rather than generated. Ryan On Thu, Nov 21, 2024 at 5:22 AM Jean-Baptiste Onofré <j...@nanthrax.net> wrote: > Good call Dmitri. > > I agree with this plan. > > Is everyone happy with that ? > > Regards > JB > > On Thu, Nov 21, 2024 at 12:46 AM Dmitri Bourlatchkov > <dmitri.bourlatch...@dremio.com> wrote: > > > > I believe the 0.9.0 release was meant to be a trial release to test the > process. With that in mind, in-memory polaris still works fine in 0.9.0. I > suppose we can finish the release and fix issues on main for 0.9.1. This > way we get to test how smoothly patch releases work too. > > > > ... just my 2 cents :) > > > > Cheers, > > Dmitri. > > > > On Wed, Nov 20, 2024 at 4:53 PM Jean-Baptiste Onofré <j...@nanthrax.net> > wrote: > >> > >> Just to be clear, my preference would be to revert #438 on 0.9 branch. > >> > >> Regards > >> JB > >> > >> On Wed, Nov 20, 2024 at 10:51 PM Jean-Baptiste Onofré <j...@nanthrax.net> > wrote: > >> > > >> > Hi Dmitri > >> > > >> > Good catch. > >> > > >> > I think it's severe enough to cancel rc1 and prepare a new one > >> > including eclipselink fix. > >> > > >> > Thoughts ? > >> > > >> > Regards > >> > JB > >> > > >> > On Wed, Nov 20, 2024 at 9:21 PM Dmitri Bourlatchkov > >> > <dmitri.bourlatch...@dremio.com.invalid> wrote: > >> > > > >> > > I've just noticed that RC1 includes > >> > > https://github.com/apache/polaris/pull/438, which, I think, makes > >> > > bootstrapping on EclispeLink effectively impossible, because > there's no > >> > > user-level way to discover the generated root secret. > >> > > > >> > > From my personal point of view it is not a release blocker, so I'm > keeping > >> > > my previous +1 vote, but I wanted to raise this concern in case it > is > >> > > important for other people. > >> > > > >> > > Cheers, > >> > > Dmitri. > >> > > > >> > > > >> > > On Tue, Nov 19, 2024 at 11:37 AM Jean-Baptiste Onofré < > j...@nanthrax.net> > >> > > wrote: > >> > > > >> > > > Actually, reverting my vote to +1 (binding) > >> > > > > >> > > > NB > >> > > > - .keep and .typed are actually empty files (even if flagged as > >> > > > binary), so not a problem > >> > > > - I will fix all gradle related issue during release process and > >> > > > documentation (already working on fix about digest sourceTarball > and > >> > > > Maven publication) > >> > > > > >> > > > Regards > >> > > > JB > >> > > > > >> > > > On Tue, Nov 19, 2024 at 6:04 AM Jean-Baptiste Onofré < > j...@nanthrax.net> > >> > > > wrote: > >> > > > > > >> > > > > -1 (binding) > >> > > > > > >> > > > > I found that the source distribution includes binaries, > especially > >> > > > > gradlew, .keep, *.typed, it has to excluded from the source > >> > > > > distribution > >> > > > > > >> > > > > I will cancel this vote to fix that in rc2. > >> > > > > > >> > > > > Regards > >> > > > > JB > >> > > > > > >> > > > > On Sun, Nov 17, 2024 at 7:00 AM Jean-Baptiste Onofré < > j...@nanthrax.net> > >> > > > wrote: > >> > > > > > > >> > > > > > Hi everyone, > >> > > > > > > >> > > > > > I propose that we release the following RC as the official > Apache > >> > > > > > Polaris 0.9.0-incubating release. > >> > > > > > > >> > > > > > * This corresponds to the tag: > apache-polaris-0.9.0-incubating-rc1 > >> > > > > > * > >> > > > > https://github.com/apache/polaris/commits/apache-polaris-0.9.0-incubating-rc1 > >> > > > > > * > >> > > > > https://github.com/apache/polaris/tree/445c42768d1e3148c912ac5c45ee53036b9ef318 > >> > > > > > > >> > > > > > The release tarball, signature, and checksums are here: > >> > > > > > * > >> > > > > https://dist.apache.org/repos/dist/dev/incubator/polaris/0.9.0-incubating/ > >> > > > > > > >> > > > > > You can find the KEYS file here: > >> > > > > > * > https://dist.apache.org/repos/dist/release/incubator/polaris/KEYS > >> > > > > > > >> > > > > > Convenience binary artifacts are staged on Nexus. The Maven > repository > >> > > > URL is: > >> > > > > > * > >> > > > > https://repository.apache.org/content/repositories/orgapachepolaris-1003/ > >> > > > > > > >> > > > > > Please download, verify, and test. > >> > > > > > > >> > > > > > Please vote in the next 72 hours. > >> > > > > > [ ] +1 Release this as Apache polaris 0.9.0-incubating > >> > > > > > [ ] +0 > >> > > > > > [ ] -1 Do not release this because... > >> > > > > > > >> > > > > > Only PPMC members and mentors have binding votes, but other > community > >> > > > > > members are > >> > > > > > encouraged to cast non-binding votes. This vote will pass if > there are > >> > > > > > 3 binding +1 votes and more binding +1 votes than -1 votes. > >> > > > > > > >> > > > > > NB: if this vote passes, a new vote will be started on the > Incubator > >> > > > > > general mailing > >> > > > > > list. > >> > > > > > > >> > > > > > Thanks > >> > > > > > Regards > >> > > > > > JB > >> > > > >
