-1 ( VETO - dependency on GPL code)
The NOTICE file contains notices about 5 dependencies, but the list of dependencies in package.json is much bigger, and I would assume that most of them are released under a license that requires attribution. Also, what is the relationship with the weex-* dependencies? Looking at weex-picker, it doesn't seem to be released with the same rigor as is expected from Apache projects, such as not stating the license terms and not respecting notices of dependencies. Why are these projects not part of Apache Weex (incubating)? Furthermore, it is not only .java files that are expected to have the license headers. We expect that in every source file that allows for comments. And it is missing all over the place, such as javascripts, XML files, build files, shell script files and so on. In the incubator-weex-1f7ed88/flow-typed/npm directory, which is some type of "replacements" for other things. What is this, because some of those stubs are for GPL'd code, so I want to have a clear understanding of what is going on here... HOLD THE PRESSES; animationjs is listed in package.json as a dependency, and used in html5/render/browser/extend/components/slider/carrousel.js. This is GPL'd code and is viral, meaning that Weex is REQUIRED to be GPL'd as well, which ASF don't allow. What disturbs me right now, because this is the second thing I picked at random. SO how many more unacceptable dependencies do we have in Weex, especially considering the transitive dependencies via the weexteam/weex-* projects? So, this RC CAN NOT BE RELEASED, and I will block until a full review of all dependencies have been done (and if I am doing the review, it will take months) Niclas On Thu, Apr 13, 2017 at 6:24 PM, sospartan <[email protected]> wrote: > Hi Weex PPMC, > > I'm calling this vote to release Apache Weex 0.12.0-RC0. > > The tag to be voted upon: > https://git-wip-us.apache.org/repos/asf?p=incubator-weex.git > ;a=shortlog;h=refs/tags/0.12.0-rc0 > > The commit hash: > https://git-wip-us.apache.org/repos/asf?p=incubator-weex.git > ;a=commit;h=1f7ed8880cf0938ba079b57aa2dc46ee484983d2 > > The source tarball can be found at: > https://dist.apache.org/repos/dist/dev/incubator/weex/0.12.0 > -incubating/RC0/ > > The fingerprint of key to sign release artifacts: > 97B9 6598 A6A3 B63C 53BD 77E9 44C5 2286 22B9 7784 > > Release artifacts are signed with the following key: > https://dist.apache.org/repos/dist/dev/incubator/weex/KEYS > > Release note about this version: > https://issues.apache.org/jira/browse/WEEX-26 > > This vote will remain open for at least 72 hours. > Please vote on releasing this RC. > > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove (and reason why) > > > -- > Best Regards! > ------------------------------ > > sospartan > https://weex-project.io > -- Niclas Hedhman, Software Developer http://polygene.apache.org - New Energy for Java
