Hi PJ Fanning, Thanks for the help. I have updated the code as you suggested.
1. Updated [DISCLAIMER-WIP]( https://github.com/apache/incubator-resilientdb/blob/master/DISCLAIMER-WIP) and removed the license info there. 2. Updated [LICENSE]( https://github.com/apache/incubator-resilientdb/blob/master/LICENSE) to fix the public domain issue. I also removed the license for bazel stuff. 3. Provided install [scripts]( https://github.com/apache/incubator-resilientdb/blob/master/INSTALL/README.md) for non-root users. However, the users still need to install python3 and pip using sudo. The release candidates: https://dist.apache.org/repos/dist/dev/incubator/resilientdb/1.10.0-rc2/ Release notes: https://github.com/apache/incubator-resilientdb/blob/master/CHANGELOG.md#resielientdb-v1100-2024-4-16 Git commit ID for the release: [9bdc6783219db301bc4ab8f171965cb9181a10d5]( https://github.com/apache/incubator-resilientdb/commit/9bdc6783219db301bc4ab8f171965cb9181a10d5 ) Keys to verify the Release Candidate: https://downloads.apache.org/incubator/resilientdb/KEYS To compile from the source, please refer to: https://github.com/apache/incubator-resilientdb?tab=readme-ov-file#build-and-deploy-resilientdb We asked PPMC to help us check the release, but unfortunately, they were too busy to respond. Thanks, Junchao On Sat, Jun 22, 2024 at 5:35 PM PJ Fanning <fannin...@apache.org> wrote: > -1 from me > > My 2 biggest concerns are: > * INSTALL.sh [1] requires sudo - I'm not sure that it does to be honest - > but I will not run an install on my laptop that requires sudo for security > reasons. It also uses curl commands to install Bazel. I would prefer if you > provided a buold script that does not use sudo and that assumes the user > has Bazel installed. You can provide a link in your docs about how to > install Bazel. > * I know you are using a DISCLAIMER-WIP file which allows you not to have > finalised the 3rd party info in your LICENSE [2] file but there are factual > inaccuracies in the file are far as I can see. It is one thing to have > omissions but I think false claims are a big problem. Some of these false > claims are listed in the DISCLAIMER-WIP [3]. I don't even know why you > include license info in the DISCLAIMER-WIP (you do need to state that users > need to check the licensing of the 3rd party code because you have not > completed this work). Under public domain you include: > > * protobuf-3.10.0 (https://github.com/protocolbuffers/protobuf) > > Protobuf is not public domain. I think many of the other items you listed > are not public domain either. > > I'm not sure why you are even listing this stuff in your LICENSE. The > LICENSE is for the source code that is in the source release. If you link > to binaries that are pulled in the install, that is not something that does > not affect the LICENSE. Many projects provide a separate LICENSE-BINARY > file but this is not strictly necessary unless you are providing a binary > release as well as a source release. > > I'm also concerned about the health of the ResilientDB PPMC. PPMC members > need to be more involved in checking the release candidates. You shouldn't > be relying on Incubator PMC members to do the checks - we are just a final > check but we assume that the PPMC members have been actively involved in > checking the release candidates first. > > > I also noted a number of issues in the Vote email. > > The preference for the KEYS file is to link this file > https://downloads.apache.org/incubator/resilientdb/KEYS > Which is a CDN equivalent of > https://dist.apache.org/repos/dist/release/incubator/resilientdb/KEYS > > The vote email should include the Git commit ID. The Git tag is useful too > but Git tags can be moved. > The commit ID appears to be 1b5b5e39884f72345f682209add8ab3dc491bb7e > > Your link to the docs to compile the code is broken > This works: > > https://github.com/apache/incubator-resilientdb?tab=readme-ov-file#build-and-deploy-resilientdb > > > > [1] https://github.com/apache/incubator-resilientdb/blob/master/INSTALL.sh > [2] https://github.com/apache/incubator-resilientdb/blob/master/LICENSE > [3] > https://github.com/apache/incubator-resilientdb/blob/master/DISCLAIMER-WIP > > > > On 2024/06/22 03:31:30 Junchao Chen wrote: > > Hello, > > > > This is a call for vote to release Apache ResilientDB(Incubating) version > > 1.10.0-RC2. > > > > The release candidates: > > https://dist.apache.org/repos/dist/dev/incubator/resilientdb/1.10.0-rc2/ > > > > Release notes: > > > https://github.com/apache/incubator-resilientdb/blob/master/CHANGELOG.md#resielientdb-v1100-2024-4-16 > > > > Git tag for the release: > > https://github.com/apache/incubator-resilientdb/tree/v1.10.0-rc02 > > > > Keys to verify the Release Candidate: > > https://dist.apache.org/repos/dist/dev//incubator/resilientdb/KEYS > > > > The vote will be open for at least 72 hours or until the necessary number > > of votes are reached. > > > > Please vote accordingly: > > [ ] +1 approve > > [ ] +0 no opinion > > [ ] -1 disapprove with the reason > > > > Checklist for reference: > > > > [ ] Download links are valid. > > [ ] Checksums and PGP signatures are valid. > > [ ] Source code distributions have correct names matching the current > > release. > > [ ] LICENSE and NOTICE files are correct for each repo. > > [ ] All files have license headers if necessary. > > [ ] No unlicensed compiled archives bundled in the source archive. > > > > To compile from the source, please refer to: > > > https://github.com/apache/incubator-resilientdb/tree/1.10.0-rc02?tab=readme-ov-file#build-and-deploy-resilientdb > > < > https://github.com/apache/incubator-resilientdb/tree/v1.10.0-rc01?tab=readme-ov-file#build-and-deploy-resilientdb > > > > > > > > Thanks, > > Junchao > > >
