I'll check every dependency, includes npm dependencies in package.json/ dependencies import by android's gradle or dependencies imported by ios's Pod, and update the NOTICE file.
The weex-* project are side project maintain by weex or related teams. I'll check licenses of these projects. These projects are not core parts of weex but some derivative projects. I'll update other file type like XML/Shell scripts to have a proper src header. Files under 'flow-typed/' are generated to help run lint against js code. It's not 'source code'. Including js file under android and ios SDK's assets (android/sdk/assets,etc.) @Niclas How do we deal these generate file? 'animationjs' is a library maintained by Danz He. I'm notice this library is MIT, not GPL. On Fri, Apr 14, 2017 at 10:48 AM, Niclas Hedhman <[email protected]> wrote: > -1 ( VETO - dependency on GPL code) > > > The NOTICE file contains notices about 5 dependencies, but the list of > dependencies in package.json is much bigger, and I would assume that most > of them are released under a license that requires attribution. > > Also, what is the relationship with the weex-* dependencies? Looking at > weex-picker, it doesn't seem to be released with the same rigor as is > expected from Apache projects, such as not stating the license terms and > not respecting notices of dependencies. > > Why are these projects not part of Apache Weex (incubating)? > > Furthermore, it is not only .java files that are expected to have the > license headers. We expect that in every source file that allows for > comments. And it is missing all over the place, such as javascripts, XML > files, build files, shell script files and so on. > > In the incubator-weex-1f7ed88/flow-typed/npm directory, which is some type > of "replacements" for other things. What is this, because some of those > stubs are for GPL'd code, so I want to have a clear understanding of what > is going on here... > > > HOLD THE PRESSES; animationjs is listed in package.json as a dependency, > and used in html5/render/browser/extend/components/slider/carrousel.js. > This is GPL'd code and is viral, meaning that Weex is REQUIRED to be GPL'd > as well, which ASF don't allow. > > What disturbs me right now, because this is the second thing I picked at > random. SO how many more unacceptable dependencies do we have in Weex, > especially considering the transitive dependencies via the weexteam/weex-* > projects? > > > So, this RC CAN NOT BE RELEASED, and I will block until a full review of > all dependencies have been done (and if I am doing the review, it will take > months) > > > Niclas > > > On Thu, Apr 13, 2017 at 6:24 PM, sospartan <[email protected]> wrote: > > > Hi Weex PPMC, > > > > I'm calling this vote to release Apache Weex 0.12.0-RC0. > > > > The tag to be voted upon: > > https://git-wip-us.apache.org/repos/asf?p=incubator-weex.git > > ;a=shortlog;h=refs/tags/0.12.0-rc0 > > > > The commit hash: > > https://git-wip-us.apache.org/repos/asf?p=incubator-weex.git > > ;a=commit;h=1f7ed8880cf0938ba079b57aa2dc46ee484983d2 > > > > The source tarball can be found at: > > https://dist.apache.org/repos/dist/dev/incubator/weex/0.12.0 > > -incubating/RC0/ > > > > The fingerprint of key to sign release artifacts: > > 97B9 6598 A6A3 B63C 53BD 77E9 44C5 2286 22B9 7784 > > > > Release artifacts are signed with the following key: > > https://dist.apache.org/repos/dist/dev/incubator/weex/KEYS > > > > Release note about this version: > > https://issues.apache.org/jira/browse/WEEX-26 > > > > This vote will remain open for at least 72 hours. > > Please vote on releasing this RC. > > > > [ ] +1 approve > > [ ] +0 no opinion > > [ ] -1 disapprove (and reason why) > > > > > > -- > > Best Regards! > > ------------------------------ > > > > sospartan > > https://weex-project.io > > > > > > -- > Niclas Hedhman, Software Developer > http://polygene.apache.org - New Energy for Java > -- sospartan Phone:13588488290 HangZhou
