Christian - I reviewed other Apache projects, and they all included 3rd party license headers in the LICENSE file.
Regarding the NOTICE file - we do have that, and I believe it contains the correct text, and I couldn't find any other NOTICE files in dependencies to add to it. ________________________________________ From: Christian Grobmeier <[email protected]> Sent: Friday, April 17, 2015 7:37 PM To: [email protected] Subject: Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28 Hi, I just run Rat and then found this thread. > Here are the items (I've indicated the ones I know to be policy with '*', > the others are practices that I commonly see and encourage but I'm not > certain they are policy): > > - The LICENSE file should contain the full license of all dependencies > * (have clearly stated and linked to licenses when not including the > full text) Are you sure with that? I thought the LICENSE contains our license, while we note the other licenses in the NOTICE file. Didn't find proof for my ideas yet. > - Where a dependency is available to us under multiple licenses we > should state that we are using it under the most permissive license > available. This link is interesting, as it says in the case of jQuery we chose MIT. https://www.apache.org/legal/resolved.html#category-x A good think to note int he NOTICE file, see below. > > - The NOTICE file is incomplete, it does not contain references to (for > example) dependencies under the Apache Software license which (as per > clause 4d) requires mention in the NOTICE * (I have not looked to see > if the dependencies have a NOTICE file, if they do not then there is > nothing to do here) I have seen a few people complain much about the NOTICE file. Basically I would prefer to have that around before moving to the incubator, as it surely comes up. Not sure if thats a policy, it reads to me as we should have it: http://apache.org/legal/src-headers.html#notice > > -----Original Message----- > From: Tim Barham [mailto:[email protected]] > Sent: Monday, April 6, 2015 8:03 AM > To: [email protected] > Subject: Re: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release > 0.9.28 > > Thanks for that info, Ross. Based on that, I'll create a new vote thread > in the morning referencing the updated package I mentioned below. > > Also, I'll add some tools to jake so anyone can run RAT easily (with the > known exceptions) to validate future releases. > > Thanks! > > Tim > ________________________________________ > From: Ross Gardler (MS OPEN TECH) <[email protected]> > Sent: Friday, April 3, 2015 7:41 AM > To: [email protected] > Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release > 0.9.28 > > With respect to the license headers - they all look fine. Go ahead and > add those files as exceptions in the RAT configuration so that it passes. > > Ross > > > > -----Original Message----- > From: Parashuram N (MS OPEN TECH) [mailto:[email protected]] > Sent: Thursday, April 2, 2015 2:12 PM > To: [email protected] > Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release > 0.9.28 > > Hi Tim, > > I have not looked at this yet. Do we want to bump it up ? > > -----Original Message----- > From: Tim Barham [mailto:[email protected]] > Sent: Tuesday, March 31, 2015 6:49 AM > To: [email protected] > Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release > 0.9.28 > > Hi, I just wanted to follow up on this. Has anyone had a chance to look > at the new package? Also, Ross, I was wondering if you had any feedback > on the various license headers reported by RAT? > > Thanks! > > Tim > > ________________________________________ > From: Tim Barham [[email protected]] > Sent: Thursday, March 19, 2015 6:15 PM > To: [email protected] > Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release > 0.9.28 > > Further update: > > 1. I've built a new archive that doesn't contain the pkg folder (which is > the build output), and contains everything else (that was missing in the > previous archive). This archive was create using 'git archive', so it > contains all files in our git repository as of tag 0.9.28. Per your point > Ross that none of the issues should block this release (I verified that > ripple.js is ok, and also it is not included in the new package since it > is an output of the build process), I've not made any changes to the > source. > > The new archive can be found here: http://1drv.ms/1BAKsBJ > > 2. I ran RAT, and it complained about the following files: > > ./assets/client/themes/dark/theme.css > ./assets/client/themes/light/theme.css > ./targets/chrome.extension/controllers/jquery.js > ./thirdparty/3d.js > ./thirdparty/Math.uuid.js > ./thirdparty/draw.js > ./thirdparty/jXHR.js > ./thirdparty/jquery.js > ./thirdparty/jquery.tooltip.js > ./thirdparty/jquery.ui.js > > The various jquery files are, of course, jquery and have headers along > the lines of: > > /*! > * jQuery JavaScript Library v1.6 > * http://jquery.com/ > * > * Copyright 2011, John Resig > * licensed under the MIT > * http://jquery.org/license > * > * Includes Sizzle.js > * http://sizzlejs.com/ > * Copyright 2011, The Dojo Foundation > * Released under the MIT, BSD, and GPL Licenses. > * > * Date: Mon May 2 13:50:00 2011 -0400 > */ > > The two theme.css files were built by the jQuery UI CSS Framework, and > have the following license headers: > > /* > * jQuery UI CSS Framework > * Copyright (c) 2010 AUTHORS.txt (http://jqueryui.com/about) > * Dual licensed under the MIT (MIT-LICENSE.txt) and GPL (GPL-LICENSE.txt) > licenses. > */ > > Math.uuid.js and jXHR.js license headers reference the MIT and/or GPL > licenses. > > Math.uuid.js: > > /*! > Math.uuid.js (v1.4) > http://www.broofa.com > mailto:[email protected] > > Copyright (c) 2010 Robert Kieffer > Dual licensed under the MIT and GPL licenses. > */ > > jXHR.js: > > // jXHR.js (JSON-P XHR) > // v0.1 (c) Kyle Simpson > // MIT License > > The two utilities 3d.js and draw.js don't mention specific licenses, but > that 'Redistribution and use in source and binary forms, with or without > modification, are permitted provided that the following conditions are > met:" - those conditions being that the copyright notice is included and > some other conditions that we meet. > > Anything we need to be concerned about here? > > Thanks, > > Tim > > -----Original Message----- > From: Tim Barham [mailto:[email protected]] > Sent: Wednesday, March 18, 2015 7:18 PM > To: [email protected] > Subject: RE: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release > 0.9.28 > > Thanks hugely for your input, Ross. > > I just wanted to give an update on where I'm at with this - a while back > I started writing some tools to automate some of the packaging stuff > (building and signing archives, and some release verification tools based > on those used for Cordova). I had put them on the backburner, but decided > to revisit them - specifically move them Ripple's existing jake tools, > and add some logic to make it easier to create a package appropriate for > either for Apache archives or for npm. I hoped to have that wrapped up > today, and build and send out a new archive (that included some source > folders that are missing in the current archive, and excluded the pkg > folder), but I'm not quite there. In order to facilitate moving forward > I'll probably just build a new package in the morning rather than waiting > until I have these tools integrated with the existing jake build tools. > > Regarding RAT - yeah, I ran that at one point early on. I'll run it again > tomorrow to verify the results. > > Thanks, > > Tim > > -----Original Message----- > From: Ross Gardler (MS OPEN TECH) [mailto:[email protected]] > Sent: Tuesday, March 17, 2015 3:40 AM > To: [email protected] > Subject: [DISCUSS] Ripple release 0.9.28 RE: [VOTE] Ripple release 0.9.28 > > Tim, thank you again for making this happen. > > Generally it's good practice to post a [DISCUSS] thread before calling > the vote. The Vote should usually be called when it's clear there are no > blocking issues (some projects like to post [DISCUSS} and [VOTE] threads > at the same time (hence my subject change here). > > I don't see any of the issues below as blocking for this release (unless > an empty js file is a technical issue). Incubating projects are given > more slack than top level projects. They need to be fixed in version > control so the next release doesn't have the problem, but no need to > re-roll this release in my opinion. > > Was RAT run against this codebase? http://creadur.apache.org/rat/ > > Thanks, > Ross > > -----Original Message----- > From: Christian Grobmeier [mailto:[email protected]] > Sent: Friday, March 13, 2015 12:16 AM > To: [email protected] > Subject: Re: [VOTE] Ripple release 0.9.28 > > I found the following issues: > > NOTICE -> 2012 :) > > pkg/hosted/ripple.js appears to be empty. Is that correct? > > pkg/hosted do not have license headers. It looks like this would > generated code, which is uploaded to somewhere? In Java-terms it would be > similar to a binary artifact, which also do not have headers. This might > come up as an issue. At Apache we are releasing source code first, > everything else is just nice. The best and easiest thing would be to just > add the header (automatically) to that files. Are there any options? > > /assets/server/images/NOTICE: its in a folder where only the logo > remains. Is the location intended? > I see a lot of images in /pkg/hosted/images, but no NOTICE there Maybe > the included message should just go to the global NOTICE file? > > Thanks, i feel we are close :) > > Christian > > -- > Christian Grobmeier > http://www.grobmeier.de > http://www.timeandbill.de > > On Tue, Mar 10, 2015, at 15:14, Tim Barham wrote: > > Please review and vote on the release of Ripple 0.9.28. > > > > The package you are voting on is available for review at > > http://bit.ly/1FZ8meZ. It was published from its corresponding git tag: > > incubator-ripple: 0.9.28 (1d95fed542) > > > > Since this will be an official Apache release of Ripple (our first!), > > we must be particularly careful that it complies with all Apache > > guidelines for an incubator release. As such, before voting +1, please > > refer to and verify compliance with the checklist at > > http://incubator.apache.org/guides/releasemanagement.html#check-list. > > > > If anyone has concerns that we don't meet any of these requirements, > > please don't hesitate to raise them here so we can discuss and make > > changes if necessary. > > > > If you do give a +1 vote, please include what steps you took in order > > to be confident in the release. > > > > Please also note from Ross's recent email: > > > > > What we need is three +1 "binding" votes, in reality that means > > > three IPMC members. Once a project graduates it means three project > > > management committee members. However, as a mentor (therefore having > > > a binding vote) I look to the project participants to indicate their > > > preference and (assuming no blocking issues on an IP check) I'll > > > always vote in support of the communities non- binding votes. > > > > So please, even though your vote may not be binding, take some time to > > review the release and vote! > > > > Upon a successful vote, we will arrange for the archive to be uploaded > > to dist/incubator/ and publish it to NPM. > > > > Thanks, and looking forward to our first official Ripple release! > > > > Tim
