Followed up and confirmed the same issue is present in
*Apache Superset* helm repo add superset https://apache.github.io/superset helm pull superset/superset --untar head superset/Chart.yaml apiVersion: v2 appVersion: 4.1.2 dependencies: *Apache Solr*helm repo add apache-solr https://solr.apache.org/charts "apache-solr" has been added to your repositories helm pull apache-solr/solr --untar head solr/Chart.yaml annotations: artifacthub.io/alternativeName: solrcloud artifacthub.io/category: database artifacthub.io/changes: | On Mon, Jun 30, 2025 at 10:59 AM Russell Spitzer <russell.spit...@gmail.com> wrote: > Just checked and Airflow has this same issue - > > helm repo add apache-airflow https://airflow.apache.org > helm pull apache-airflow/airflow --untar > head airflow/Chart.yaml > > --- > annotations: > artifacthub.io/changes: | > - description: Add extra secret annotations to most secrets > kind: added > links: > - name: '#48890' > url: https://github.com/apache/airflow/pull/48890 > - description: Add support for EdgeExecutor > kind: added > links: > _--- > > So i'm not sure we need to stress about it yet, if the convention is to > just let helm do it's thing > > On Sun, Jun 29, 2025 at 4:21 PM Yufei Gu <flyrain...@gmail.com> wrote: > >> JB, thanks for validating it. What happened to Helm is that the command >> `helm package` reads Chart.yml into a Go struct, then the YAML parser >> *drops >> every comment* it encounters. After researching a bit, I couldn’t find a >> way to configure it to allow comments. Here are two ways to move forward: >> >> 1. Using manual package instead of `helm package`, this will keep the >> license header for sure, but the package generated cannot be used by >> the >> Helm ecosystem, e.g., `helm verify`, and `helm install`. >> 2. Still using the `helm package`, while we consider the Helm tarball >> as >> a binary distribution, notice that it contains the license file >> required by >> ASF already. Besides, the real source file of Chart.yaml with license >> header is distributed here, >> >> https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-1.0.0-incubating/apache-polaris-1.0.0-incubating.tar.gz >> . >> Maybe it’s fine to consider the files in the helm tarball are compiled >> one >> in whatever compiled representations(binary, IR, or something else), >> here, >> the compiled Chart.yaml happened to be a text file. In that case, we >> can >> still distribute the helm package which complies with helm spec. >> 3. To remove helm chart tarball distribution completely, as it is >> distributed with src tarball already. >> >> WDYT? >> >> Nice catch on the missing OpenHFT license! It would be really helpful to >> have a tool that can detect these kinds of license omissions >> automatically, >> especially since dependencies can go arbitrarily deep in the tree. >> >> Yufei >> >> >> On Sat, Jun 28, 2025 at 11:07 PM Jean-Baptiste Onofré <j...@nanthrax.net> >> wrote: >> >> > -1 (binding) >> > >> > Not Ok: Helm chart.yaml (in the helm package) doesn't contain the ASF >> > header whereas the source one contain it >> > ( >> > >> https://github.com/apache/polaris/blob/release/1.0.x/helm/polaris/Chart.yaml#L1 >> > ). >> > It seems the packaging removed the ASF header, which is not correct. >> > We have to keep the header in the non binary file. >> > No Ok: OpenHFT should be documented in Spark plugin LICENSE. >> > >> > I checked: >> > - Source distribution >> > -- incubating is in the version >> > -- signature and checksum are good >> > -- DISCLAIMER is present >> > -- LICENSE and NOTICE are good (personally, I think NOTICE should not >> > mention Nessie as it's just the copyright and already in the LICENSE, >> > but one IPMC asked that during 0.9.0 release vote) >> > -- No binary file found in the source distribution >> > -- Headers look correct (NB: the files without header are coming from >> > other projects as mentioned in the LICENSE file and the original file >> > doesn't contain header, like Docsy or Mustache templates). Nit: the >> > svg file (from the project) could contain ASF header. >> > -- Build works from source distribution >> > - Binary distribution >> > -- incubating is in the version >> > -- signature and checksum are good >> > -- DISCLAIMER is present >> > -- LICENSE and NOTICE look good >> > -- Can start Polaris server from the binary distribution >> > - Helm Chart >> > -- incubating is in the version >> > -- DISCLAIMER is present >> > -- LICENSE and NOTICE are good >> > -- Signature and checksum are good in prov file >> > -- NOT OK: Header is not present Chart.yaml >> > - Bundle jar (Spark) >> > -- incubating is in the name >> > -- LICENSE is missing OpenHFT: OpenHFT is shaded in Parquet, so should >> > be documented in LICENSE. OpenHFT (Java Lang) is using Apache license >> > (no NOTICE) (https://github.com/OpenHFT/Java-Lang/tree/master). Sorry >> > I missed that before. >> > >> > I will sync with Yufei and provide PRs to fix that. >> > >> > Regards >> > JB >> > >> > On Sat, Jun 28, 2025 at 1:34 AM Yufei Gu <flyrain...@gmail.com> wrote: >> > > >> > > Hi everyone, >> > > >> > > I propose that we release the following RC as the official Apache >> Polaris >> > > 1.0.0-incubating release. >> > > >> > > This corresponds to the tag: apache-polaris-1.0.0-incubating-rc4 >> > > * >> > > >> > >> https://github.com/apache/polaris/commits/apache-polaris-1.0.0-incubating-rc4 >> > > * >> > > >> > >> https://github.com/apache/polaris/tree/0e901982e47cae94f6934ea14e1d868d92fa13ba >> > > >> > > The release tarball, signature, and checksums are here, including both >> > > source code and binary distributions: >> > > * >> > > >> > >> https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-1.0.0-incubating/ >> > > >> > > >> > > Helm chart (You can verify with the command `helm verify`): >> > > >> > > * >> > > >> > >> https://dist.apache.org/repos/dist/dev/incubator/polaris/helm-chart/1.0.0-incubating/ >> > > NB: the docker images (polaris-server and polaris-admin) will be >> > published >> > > on DockerHub once release vote passes. >> > > >> > > You can find the KEYS file here: >> > > * https://downloads.apache.org/incubator/polaris/KEYS >> > > >> > > Convenience binary artifacts are staged on Nexus. The Maven repository >> > URL >> > > is: >> > > * >> > >> https://repository.apache.org/content/repositories/orgapachepolaris-1024/ >> > > >> > > Please download, verify, and test. >> > > >> > > Please vote in the next 72 hours. >> > > >> > > [ ] +1 Release this as Apache polaris 1.0.0-incubating >> > > [ ] +0 >> > > [ ] -1 Do not release this because... >> > > >> > > Only PPMC members and mentors have binding votes, but other community >> > > members are >> > > encouraged to cast non-binding votes. This vote will pass if there >> are 3 >> > > binding +1 votes and more binding +1 votes than -1 votes. >> > > >> > > NB: if this vote passes, a new vote has to be started on the Incubator >> > > general mailing list. >> > > >> > > Yufei >> > >> >