You could argue that for a convenience release you could use "superset based on the source release of Apache superset" which might get rid/reduce the licensing challenge. It's not an official release channel so why treat it as such?
Did you try contacting the author on pypi's superset? It's a bit a trademark issue I guess. You could ask Apache legal to help eventually as trademark protection is important. Besides malware could be spread this way as well. B. Sent from my iPhone > On 28 Aug 2019, at 18:04, Maxime Beauchemin <[email protected]> > wrote: > > Hi all, > > Now that 0.34.0 is out, I'd like to ship convenience releases in the for of > a PyPI.org release and a Docker image, ideally served on dockerhub. > > Now we have a few blockers/concerns: > > * as mentioned before, it looks like someone claimed "apache-superset" on > pypi.org, probably by mistake. https://pypi.org/user/cidiomar.dias.restoque/, > there's no process to re-claim it just yet, but folks seem to be working on > it here https://github.com/pypa/warehouse/issues/1506. Anyone has the > ability to pull strings at pypi.org ? :) > * can we just use `superset` in pypi (which we own) or does it have to be > `apache-superset`? > * for a release to be convenient, we should ship our minified JS bundles, > but I'm afraid that forces us to craft a 600+ entries LICENSE file > dynamically. Workaround might be to add a `superset build` command that > would well build this stuff. Requires having npm/node and such, working on > some user-space dir as we should treat `site-packages` as be immutable. I'm > not sure if that's reasonable/doable > * about docker, I'm assuming similar licensing issues for images that > contain minified bundles (is that the case?), but it's probably ok to share > just a Dockerfile itself > * Maybe we should just automate the process that compiles the LICENSE file > with the 600 npm libs? I did a bit of work in that area before > https://github.com/apache/incubator-superset/pull/5801 > > Thoughts? > > Max
