Followed up and confirmed the same issue is present in

*Apache Superset*
helm repo add superset https://apache.github.io/superset
helm pull superset/superset --untar
head superset/Chart.yaml


apiVersion: v2
appVersion: 4.1.2
dependencies:



*Apache Solr*
helm repo add apache-solr https://solr.apache.org/charts
"apache-solr" has been added to your repositories
helm pull apache-solr/solr --untar
head solr/Chart.yaml

annotations:
  artifacthub.io/alternativeName: solrcloud
  artifacthub.io/category: database
  artifacthub.io/changes: |

On Mon, Jun 30, 2025 at 10:59 AM Russell Spitzer <russell.spit...@gmail.com>
wrote:

> Just checked and Airflow has this same issue -
>
> helm repo add apache-airflow https://airflow.apache.org
> helm pull apache-airflow/airflow --untar
> head airflow/Chart.yaml
>
> ---
> annotations:
>   artifacthub.io/changes: |
>     - description: Add extra secret annotations to most secrets
>       kind: added
>       links:
>       - name: '#48890'
>         url: https://github.com/apache/airflow/pull/48890
>     - description: Add support for EdgeExecutor
>       kind: added
>       links:
> ---
>
> So I'm not sure we need to stress about it yet, if the convention is to
> just let helm do its thing
>
> On Sun, Jun 29, 2025 at 4:21 PM Yufei Gu <flyrain...@gmail.com> wrote:
>
>> JB, thanks for validating it. What happened to Helm is that the command
>> `helm package` reads Chart.yml into a Go struct, then the YAML parser
>> *drops every comment* it encounters. After researching a bit, I couldn’t
>> find a way to configure it to allow comments. Here are two ways to move
>> forward:
>>
>>    1. Using manual package instead of `helm package`, this will keep the
>>    license header for sure, but the package generated cannot be used by
>>    the Helm ecosystem, e.g., `helm verify`, and `helm install`.
>>    2. Still using the `helm package`, while we consider the Helm tarball
>>    as a binary distribution, notice that it contains the license file
>>    required by ASF already. Besides, the real source file of Chart.yaml
>>    with license header is distributed here,
>>    https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-1.0.0-incubating/apache-polaris-1.0.0-incubating.tar.gz .
>>    Maybe it’s fine to consider the files in the helm tarball are compiled
>>    one in whatever compiled representations (binary, IR, or something
>>    else), here, the compiled Chart.yaml happened to be a text file. In
>>    that case, we can still distribute the helm package which complies
>>    with helm spec.
>>    3. To remove helm chart tarball distribution completely, as it is
>>    distributed with src tarball already.
>>
>> WDYT?
>>
>> Nice catch on the missing OpenHFT license! It would be really helpful to
>> have a tool that can detect these kinds of license omissions
>> automatically,
>> especially since dependencies can go arbitrarily deep in the tree.
>>
>> Yufei
>>
>>
>> On Sat, Jun 28, 2025 at 11:07 PM Jean-Baptiste Onofré <j...@nanthrax.net>
>> wrote:
>>
>> > -1 (binding)
>> >
>> > Not Ok: Helm chart.yaml (in the helm package) doesn't contain the ASF
>> > header whereas the source one contains it
>> > (https://github.com/apache/polaris/blob/release/1.0.x/helm/polaris/Chart.yaml#L1).
>> > It seems the packaging removed the ASF header, which is not correct.
>> > We have to keep the header in the non binary file.
>> > Not Ok: OpenHFT should be documented in Spark plugin LICENSE.
>> >
>> > I checked:
>> > - Source distribution
>> > -- incubating is in the version
>> > -- signature and checksum are good
>> > -- DISCLAIMER is present
>> > -- LICENSE and NOTICE are good (personally, I think NOTICE should not
>> > mention Nessie as it's just the copyright and already in the LICENSE,
>> > but one IPMC asked that during 0.9.0 release vote)
>> > -- No binary file found in the source distribution
>> > -- Headers look correct (NB: the files without header are coming from
>> > other projects as mentioned in the LICENSE file and the original file
>> > doesn't contain header, like Docsy or Mustache templates). Nit: the
>> > svg file (from the project) could contain ASF header.
>> > -- Build works from source distribution
>> > - Binary distribution
>> > -- incubating is in the version
>> > -- signature and checksum are good
>> > -- DISCLAIMER is present
>> > -- LICENSE and NOTICE look good
>> > -- Can start Polaris server from the binary distribution
>> > - Helm Chart
>> > -- incubating is in the version
>> > -- DISCLAIMER is present
>> > -- LICENSE and NOTICE are good
>> > -- Signature and checksum are good in prov file
>> > -- NOT OK: Header is not present in Chart.yaml
>> > - Bundle jar (Spark)
>> > -- incubating is in the name
>> > -- LICENSE is missing OpenHFT: OpenHFT is shaded in Parquet, so should
>> > be documented in LICENSE. OpenHFT (Java Lang) is using Apache license
>> > (no NOTICE) (https://github.com/OpenHFT/Java-Lang/tree/master). Sorry
>> > I missed that before.
>> >
>> > I will sync with Yufei and provide PRs to fix that.
>> >
>> > Regards
>> > JB
>> >
>> > On Sat, Jun 28, 2025 at 1:34 AM Yufei Gu <flyrain...@gmail.com> wrote:
>> > >
>> > > Hi everyone,
>> > >
>> > > I propose that we release the following RC as the official Apache
>> > > Polaris 1.0.0-incubating release.
>> > >
>> > > This corresponds to the tag: apache-polaris-1.0.0-incubating-rc4
>> > > * https://github.com/apache/polaris/commits/apache-polaris-1.0.0-incubating-rc4
>> > > * https://github.com/apache/polaris/tree/0e901982e47cae94f6934ea14e1d868d92fa13ba
>> > >
>> > > The release tarball, signature, and checksums are here, including both
>> > > source code and binary distributions:
>> > > * https://dist.apache.org/repos/dist/dev/incubator/polaris/apache-polaris-1.0.0-incubating/
>> > >
>> > > Helm chart (You can verify with the command `helm verify`):
>> > > * https://dist.apache.org/repos/dist/dev/incubator/polaris/helm-chart/1.0.0-incubating/
>> > >
>> > > NB: the docker images (polaris-server and polaris-admin) will be
>> > > published on DockerHub once release vote passes.
>> > >
>> > > You can find the KEYS file here:
>> > > * https://downloads.apache.org/incubator/polaris/KEYS
>> > >
>> > > Convenience binary artifacts are staged on Nexus. The Maven repository
>> > > URL is:
>> > > * https://repository.apache.org/content/repositories/orgapachepolaris-1024/
>> > >
>> > > Please download, verify, and test.
>> > >
>> > > Please vote in the next 72 hours.
>> > >
>> > > [ ] +1 Release this as Apache polaris 1.0.0-incubating
>> > > [ ] +0
>> > > [ ] -1 Do not release this because...
>> > >
>> > > Only PPMC members and mentors have binding votes, but other community
>> > > members are encouraged to cast non-binding votes. This vote will pass
>> > > if there are 3 binding +1 votes and more binding +1 votes than -1
>> > > votes.
>> > >
>> > > NB: if this vote passes, a new vote has to be started on the Incubator
>> > > general mailing list.
>> > >
>> > > Yufei
>> >
>>
>
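
Added example, not part of the thread and not the Polaris project's tooling: a release-check helper that lists the YAML files inside a packaged chart tarball that lack the ASF header, which is the check behind the -1 vote quoted above. The function names, the 20-line header window and the sample Chart.yaml are assumptions; the "packaged" tarball is constructed by dropping comment lines with grep to simulate the comment loss the thread attributes to `helm package`, so helm itself is not needed to run it.

```shell
#!/bin/sh
# Added example: find YAML files in a packaged Helm chart (.tgz) that lack
# the ASF license header.

ASF_MARKER='Licensed to the Apache Software Foundation'

# Print every *.yaml/*.yml member of chart tarball $1 whose first 20 lines
# do not contain the ASF header marker. Prints nothing when all carry it.
missing_asf_header() {
    tar -tzf "$1" | grep -E '\.ya?ml$' | while IFS= read -r member; do
        head_lines=$(tar -xzOf "$1" "$member" | head -n 20)
        case $head_lines in
            *"$ASF_MARKER"*) ;;
            *) printf '%s\n' "$member" ;;
        esac
    done
}

# Build two constructed tarballs in directory $1:
#   source.tgz   - sample Chart.yaml as a source tree would keep it (header present)
#   packaged.tgz - the same file with comment lines dropped, simulating the
#                  comment loss described in the thread (not real helm output)
make_demo_charts() {
    dir=$1
    mkdir -p "$dir/src/polaris" "$dir/pkg/polaris"
    # Constructed sample content, not the project's real Chart.yaml.
    cat > "$dir/src/polaris/Chart.yaml" <<'EOF'
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.
apiVersion: v2
name: polaris
version: 1.0.0-incubating
EOF
    grep -v '^#' "$dir/src/polaris/Chart.yaml" > "$dir/pkg/polaris/Chart.yaml"
    tar -czf "$dir/source.tgz" -C "$dir/src" polaris
    tar -czf "$dir/packaged.tgz" -C "$dir/pkg" polaris
}

# Demo run on the constructed tarballs.
demo_dir=$(mktemp -d)
make_demo_charts "$demo_dir"
echo "source.tgz missing header:   $(missing_asf_header "$demo_dir/source.tgz")"
echo "packaged.tgz missing header: $(missing_asf_header "$demo_dir/packaged.tgz")"
rm -rf "$demo_dir"
```

Pointing `missing_asf_header` at a tarball fetched with `helm pull` (without `--untar`) runs the same check on a published chart.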
