Agree with Colm. The licensing issues could be a problem for the official
release, so we should address them. I've seen other components blocking
releases due to licensing issues.

On Wed, Nov 29, 2017 at 10:22 AM, Colm O hEigeartaigh <cohei...@apache.org>
wrote:

> If you are happy with the duplicate jars issue, then it's not a blocker for
> this release from my POV (although I wonder how it's going to work?).
>
> But I think the license issue is a blocker, unfortunately. It's just a
> matter of going through each of the jars in "lib" and adding the license
> information if they are not Apache licensed at the end of our LICENSE.txt
> in the distribution. In addition, any additional copyright notices they
> have in the NOTICE file in the source must be added to our NOTICE file.
>
> Colm.
>
> On Wed, Nov 29, 2017 at 4:12 PM, Kalyan Kumar Kalvagadda <
> kkal...@cloudera.com> wrote:
>
> > Colm,
> >
> > Just to let you know, the duplicate dependency issue is there in the older Sentry
> > release as well. It's not introduced in the Sentry 2.0 release.
> > I'm sure that would be the case even for jars that are not licensed by Apache.
> >
> > Why don't we address in sentry 2.1.0 release?
> >
> > -Kalyan.
> >
> >
> > -Kalyan
> >
> > On Wed, Nov 29, 2017 at 8:41 AM, Kalyan Kumar Kalvagadda <
> > kkal...@cloudera.com> wrote:
> >
> >> Colm,
> >>
> >> Wiki has explicit steps to upload source + bin distributions separately.
> >> I did not upload them to "https://dist.apache.org/repos/dist/dev/sentry"
> >> thinking it would be copied from my private space to this official
> >> placeholder after the voting is passed. I have put the link in the voting
> >> email just for reference.
> >>
> >> I'm not sure if these are blockers. I will wait for others to respond on
> >> this.
> >>
> >> While I'm waiting, I will start working on the duplicate jar dependency
> >> issue.
> >>
> >>
> >> -Kalyan
> >>
> >> On Wed, Nov 29, 2017 at 6:27 AM, Colm O hEigeartaigh <cohei...@apache.org> wrote:
> >>
> >>> Hi Kalyan,
> >>>
> >>> Why do we vote on source + bin distributions that are copied to a local
> >>> directory, when they are available in maven here?
> >>>
> >>> https://repository.apache.org/content/repositories/orgapachesentry-1005/org/apache/sentry/sentry-dist/2.0.0/
> >>>
> >>> I found a minor problem in that some test dependencies in Sentry are not
> >>> declared at test scope, meaning that 5 extra jars are copied to the
> >>> distribution lib directory:
> >>>
> >>> https://issues.apache.org/jira/browse/SENTRY-2076
> >>>
> >>> I'm not sure if this is a blocker or not for this release. I have two
> >>> further concerns:
> >>>
> >>> a) We are shipping lots of duplicate jars in the lib directory with
> >>> different versions, e.g. Jetty 6 and 9 jars, three different metrics
> >>> versions, etc. Surely all these different versions must be causing some
> >>> conflicts when using the Sentry distribution?
> >>>
> >>> b) We are shipping a *lot* of jars but have very little license
> >>> information. Surely a lot of the jars we are shipping are not Apache
> >>> licensed, and must therefore have the license referenced in the LICENSE
> >>> file?
> >>>
> >>> Colm.
> >>>
> >>> On Wed, Nov 29, 2017 at 12:38 AM, Kalyan Kumar Kalvagadda <
> >>> kkal...@cloudera.com> wrote:
> >>>
> >>> > This is the release of Apache Sentry, version 2.0.0.
> >>> >
> >>> > It fixes the following issues:
> >>> > https://issues.apache.org/jira/projects/SENTRY/versions/12341081
> >>> >
> >>> > Source and bin files:
> >>> > http://home.apache.org/~kalyan/apache-sentry-2.0.0-src-rc-1/
> >>> >
> >>> > Maven artifacts are available here:
> >>> > https://repository.apache.org/content/repositories/orgapachesentry-1005/
> >>> >
> >>> >
> >>> > Tag to be voted on
> >>> > https://git-wip-us.apache.org/repos/asf/sentry/?p=sentry.git;a=tag;h=refs/tags/release-2.0.0
> >>> >
> >>> > Sentry's KEYS containing the PGP key we used to sign the release:
> >>> > http://www.apache.org/dist/sentry/KEYS
> >>> >
> >>> > We are voting on the source: tag=release-2.0.0, SHA=18fe7c596fa1ffad3e656a42d534ac190876b642
> >>> > (You can get the hash of the tag by doing "git rev-list release-1.8.0 | head -n 1")
> >>> >
> >>> > Vote will be open for 72 hours.
> >>> >
> >>> > [ ] +1 approve
> >>> > [ ] +0 no opinion
> >>> > [ ] -1 disapprove (and reason why)
> >>> >
> >>> > -Kalyan
> >>> >
> >>>
> >>>
> >>>
> >>> --
> >>> Colm O hEigeartaigh
> >>>
> >>> Talend Community Coder
> >>> http://coders.talend.com
> >>>
> >>
> >>
> >
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
