Not packaging findbugs is good. You should remove the reference to it from the tephra-distribution/LICENSE file.
I don’t think putting the contents of tephra-distribution in the top level directory is the best solution. I would just include the contents of the license directory and the tephra-distribution library in the same place. It doesn’t matter which directory you choose. I’m not clear yet though whether the Logback Core Module (which is under EPL) is included in binary or source form. If it’s in source form you still have a problem. Alan. On Thu, Sep 14, 2017 at 2:24 PM, Gokul Gunasekaran <[email protected]> wrote: > Hi Alan, > > Thanks for the review. In order to address the concerns that you have > raised, can we do the following? > > i) Don't package findbugs jsr305 (LGPL) dependency in the tar.gz binary > distribution (it is used only by IDE and it is not used in runtime, hence > we can easily do this) > ii) Move the LICENSE_BINARY, NOTICE_BINARY files to top directory (instead > of placing them under tephra-distribution directory) for ease of access > > Let me know if the above two changes sufficiently address the concerns. I > have opened a PR (https://github.com/apache/incubator-tephra/pull/60) that > implements the above two changes, happy to make any further changes. > > Thanks, > Gokul > > On Thu, Sep 14, 2017 at 12:41 PM, Alan Gates <[email protected]> wrote: > > > -1 > > > > This code appears to contain some artifacts that are licensed under > > unnacceptable licenses. Further, I could not find any guide indicated > > which parts of the code are under which licenses. > > > > See https://www.apache.org/legal/resolved.html for a summary of allowed > > licenses. > > > > In the licenses directory there is a copy of the LGPL (which is not > allowed > > in an Apache release), the EPL (which is allowed only for binary > > artifacts), and Aopa.PL, which appears to be putting all the code into > the > > public domain (IANAL, so I might be reading it wrong). > > > > It’s possible the Aopa part is ok as long it only applies to code Tephra > is > > using. The EPL might be ok if it’s only for binary artifacts. I don’t > > believe there is any way that the LGPL is ok. > > > > And a guide is needed to indicate which parts of the code are under which > > licenses so it is clear to anyone who downloads the code that these other > > licenses do not apply to the whole system. See > > https://github.com/apache/hive/blob/master/LICENSE for an example. > > > > Alan. > > > > On Thu, Sep 14, 2017 at 9:00 AM, James Taylor <[email protected]> > > wrote: > > > > > +1. Verified that all Phoenix unit tests pass with the RC. > > > > > > On Wed, Sep 13, 2017 at 8:31 PM Andreas Neumann <[email protected]> > wrote: > > > > > > > Hi all, > > > > > > > > This is a call for a vote on releasing Apache Tephra > 0.13.0-incubating, > > > > release candidate 1. This is the sixth release of Tephra. > > > > > > > > The source tarball, including signatures, digests, etc. can be found > > at: > > > > > > > > https://dist.apache.org/repos/dist/dev/incubator/tephra/0. > > > 13.0-incubating-rc1/src > > > > > > > > The tag to be voted upon is v0.13.0-incubating: > > > > > > > > https://git-wip-us.apache.org/repos/asf?p=incubator-tephra. > > > git;a=shortlog;h=refs/tags/v0.13.0-incubating > > > > > > > > The release hash is ae63ce233eb4b34eed03208322f17da941dee0f3: > > > > > > > > https://git-wip-us.apache.org/repos/asf?p=incubator-tephra. > > > git;a=commit;h=ae63ce233eb4b34eed03208322f17da941dee0f3 > > > > > > > > The Nexus Staging URL: > > > > https://repository.apache.org/content/repositories/orgapache > > tephra-1009 > > > > > > > > Release artifacts are signed with the following key: > > > > http://people.apache.org/keys/committer/anew > > > > > > > > KEYS file available: > > > > https://dist.apache.org/repos/dist/dev/incubator/tephra/KEYS > > > > > > > > For information about the contents of this release, see: > > > > > > > > https://dist.apache.org/repos/dist/dev/incubator/tephra/0. > > > 13.0-incubating-rc1/CHANGES.txt > > > > > > > > Please vote on releasing this package as Apache Tephra > > 0.13.0-incubating > > > > > > > > The vote will be open for 72 hours. > > > > > > > > [ ] +1 Release this package as Apache Tephra 0.13.0-incubating > > > > [ ] +0 no opinion > > > > [ ] -1 Do not release this package because ... > > > > > > > > Thanks, > > > > Andreas > > > > > > > > > >
