Ok, thanks for taking time to answer my concerns. I withdraw the veto (the GPL concern). I recommend cutting a new release with the changes made, but will not block if you decide to push this release out anyway. Repacking should be quick and automatic...
Cheers On Sat, Apr 15, 2017 at 9:03 AM, sospartan <[email protected]> wrote: > These weex-* project is removable, theoretically speaking. We put these in > dependency for building javascript library more > convenient to use. It's kind of like a all-in-one javascript template > framework. > If you suggest moving these project to weex incubating project too, I think > we can discuss that, more things need to be settle. But for the next > release I'll suggest keep current way. > > The 'animationjs' we use from here https://www.npmjs.com/package/ > animationjs > > flow-types; I mean these file can be generated by 'flow-type' tool, were > not manual code by us. For saving the time build it, we put it in code repo > in advance. > @Danz can we remove these files? Put it in .gitignore then you can keep use > these file in you local environment. > > > > On Fri, Apr 14, 2017 at 4:54 PM, Niclas Hedhman <[email protected]> > wrote: > > > Well, the weexteam projects are listed as direct dependencies... > > > > "dependencies": { > > "animationjs": "^0.1.5", > > "core-js": "^2.4.0", > > "cubicbezier": "^0.1.1", > > "envd": "^0.1.1", > > "httpurl": "^0.1.1", > > "lazyimg": "^0.1.5", > > "modals": "^0.1.6", > > "query-string": "^4.2.3", > > "scroll-to": "0.0.2", > > "semver": "^5.1.0", > > "weex-components": "^0.2.0", > > "weex-picker": "^0.1.0", > > "weex-rax-framework": "0.1.7", > > "weex-styler":"0.1.8", > > "weex-vue-framework": "2.1.8-weex.1" > > }, > > > > So, sorry if I don't see that as "not core parts of weex but some > > derivative projects." > > > > animationJs ; my apologies. What showed up in my google search was > > https://github.com/lathoub/AnimationJS. > > > > flow-types; Not sure what you mean. Please elaborate. > > > > > > On Fri, Apr 14, 2017 at 3:24 PM, sospartan <[email protected]> wrote: > > > > > I'll check every dependency, includes npm dependencies in package.json/ > > > dependencies import by android's gradle or dependencies imported by > > ios's > > > Pod, and update the NOTICE file. > > > > > > The weex-* project are side project maintain by weex or related teams. > > I'll > > > check licenses of these projects. These projects are not core parts of > > weex > > > but some derivative projects. > > > > > > I'll update other file type like XML/Shell scripts to have a proper src > > > header. > > > > > > Files under 'flow-typed/' are generated to help run lint against js > code. > > > It's not 'source code'. Including js file under android and ios SDK's > > > assets (android/sdk/assets,etc.) > > > @Niclas How do we deal these generate file? > > > > > > 'animationjs' is a library maintained by Danz He. I'm notice this > library > > > is MIT, not GPL. > > > > > > > > > On Fri, Apr 14, 2017 at 10:48 AM, Niclas Hedhman <[email protected]> > > > wrote: > > > > > > > -1 ( VETO - dependency on GPL code) > > > > > > > > > > > > The NOTICE file contains notices about 5 dependencies, but the list > of > > > > dependencies in package.json is much bigger, and I would assume that > > most > > > > of them are released under a license that requires attribution. > > > > > > > > Also, what is the relationship with the weex-* dependencies? Looking > at > > > > weex-picker, it doesn't seem to be released with the same rigor as is > > > > expected from Apache projects, such as not stating the license terms > > and > > > > not respecting notices of dependencies. > > > > > > > > Why are these projects not part of Apache Weex (incubating)? > > > > > > > > Furthermore, it is not only .java files that are expected to have the > > > > license headers. We expect that in every source file that allows for > > > > comments. And it is missing all over the place, such as javascripts, > > XML > > > > files, build files, shell script files and so on. > > > > > > > > In the incubator-weex-1f7ed88/flow-typed/npm directory, which is > some > > > type > > > > of "replacements" for other things. What is this, because some of > those > > > > stubs are for GPL'd code, so I want to have a clear understanding of > > what > > > > is going on here... > > > > > > > > > > > > HOLD THE PRESSES; animationjs is listed in package.json as a > > dependency, > > > > and used in html5/render/browser/extend/components/slider/carrousel. > > js. > > > > This is GPL'd code and is viral, meaning that Weex is REQUIRED to be > > > GPL'd > > > > as well, which ASF don't allow. > > > > > > > > What disturbs me right now, because this is the second thing I picked > > at > > > > random. SO how many more unacceptable dependencies do we have in > Weex, > > > > especially considering the transitive dependencies via the > > > weexteam/weex-* > > > > projects? > > > > > > > > > > > > So, this RC CAN NOT BE RELEASED, and I will block until a full review > > of > > > > all dependencies have been done (and if I am doing the review, it > will > > > take > > > > months) > > > > > > > > > > > > Niclas > > > > > > > > > > > > On Thu, Apr 13, 2017 at 6:24 PM, sospartan <[email protected]> > > wrote: > > > > > > > > > Hi Weex PPMC, > > > > > > > > > > I'm calling this vote to release Apache Weex 0.12.0-RC0. > > > > > > > > > > The tag to be voted upon: > > > > > https://git-wip-us.apache.org/repos/asf?p=incubator-weex.git > > > > > ;a=shortlog;h=refs/tags/0.12.0-rc0 > > > > > > > > > > The commit hash: > > > > > https://git-wip-us.apache.org/repos/asf?p=incubator-weex.git > > > > > ;a=commit;h=1f7ed8880cf0938ba079b57aa2dc46ee484983d2 > > > > > > > > > > The source tarball can be found at: > > > > > https://dist.apache.org/repos/dist/dev/incubator/weex/0.12.0 > > > > > -incubating/RC0/ > > > > > > > > > > The fingerprint of key to sign release artifacts: > > > > > 97B9 6598 A6A3 B63C 53BD 77E9 44C5 2286 22B9 7784 > > > > > > > > > > Release artifacts are signed with the following key: > > > > > https://dist.apache.org/repos/dist/dev/incubator/weex/KEYS > > > > > > > > > > Release note about this version: > > > > > https://issues.apache.org/jira/browse/WEEX-26 > > > > > > > > > > This vote will remain open for at least 72 hours. > > > > > Please vote on releasing this RC. > > > > > > > > > > [ ] +1 approve > > > > > [ ] +0 no opinion > > > > > [ ] -1 disapprove (and reason why) > > > > > > > > > > > > > > > -- > > > > > Best Regards! > > > > > ------------------------------ > > > > > > > > > > sospartan > > > > > https://weex-project.io > > > > > > > > > > > > > > > > > > > > > -- > > > > Niclas Hedhman, Software Developer > > > > http://polygene.apache.org - New Energy for Java > > > > > > > > > > > > > > > > -- > > > sospartan > > > Phone:13588488290 > > > HangZhou > > > > > > > > > > > -- > > Niclas Hedhman, Software Developer > > http://polygene.apache.org - New Energy for Java > > > > > > -- > sospartan > Phone:13588488290 > HangZhou > -- Niclas Hedhman, Software Developer http://polygene.apache.org - New Energy for Java
