Hi Justin - for this comment: I’d suggest that build instructions are included in the release rather than a link to them. If the instructions at the URL change in the future how do I know how to build this release?
We have a wikipage: https://cwiki.apache.org/confluence/display/HAWQ/Build+and+Install , it contains a lot of content (and you're right it might get updated often). Do you mean this should be put in VOTE email? or I can make a txt file (as snapshot for the moment) and attach it with the VOTE email next time. On Wed, Jul 27, 2016 at 10:10 AM Goden Yao <goden...@apache.org> wrote: > Thanks Justin for your detailed and thorough analysis - I'll bring this > back to the community and address the items listed one by one. > Meanwhile, please let us know if you see any other issues so we can solve > them together in the next Release Candidate. > > Appreciate your effort. > -Goden > > On Tue, Jul 26, 2016 at 8:03 PM Justin Mclean <jus...@classsoftware.com> > wrote: > >> Hi, >> >> -1 (binding) binary in source release, LICENSE and NOTICE issues, ASF >> header added to files not under Apache 2.0 license, possible inclusion of >> GPL licensed software and possible Category X software included in release >> (BSD with ad clause). >> >> This is not a simple release to check and I may of missed a few things >> due to the large amount of noise. >> >> I checked: >> - release contains incubating >> - signatures and hashes good >> - I’m not sure what the intent of COPYRIGHT is. I also don't think as it >> has been suggested that this should be merged with NOTICE, NOTICE doesn’t >> not list all copyrights just those that have be relocated from source >> files. [1] >> - NOTICE incorrecly contains a long list of copyright statements. I would >> expect to see one or perhaps two here i.e. the original authors who donated >> the software and who copyright statements were removed from the original >> files. >> - LICENSE is missing a large number of things (see below) >> - Please use the short form of the license linking to a license files in >> LICENSE >> - Looks like there is an unexpected binary in the release [2] May be >> others given rat reports 770+ binary files >> - Impossible to say if files have correct ASF headers or not, given the >> large number of files with ASF headers (5000 odd files) >> - Failed to compile form source but likely my setup >> >> License is missing (in some cases note the different copyright owners) >> - BSD licensed code [3] >> - BSD license code [7] >> - license for this file [9] >> - license for this file [10] Are we OK this was taken form GNU C? >> - MIT license PSI [11] >> - BSD licensed code [12] >> - BSD licensed code [13] Is this regard as cryptography code? [14] >> - BSD licensed code [15][16] >> - license for this file [17] >> - license of these files [18][19] >> - license of this file [20] >> - regex license [21] >> - How are these files licensed? [22] + others copyright AEG Automation >> GmbH >> - How is this file licensed? [23] >> - BSD licensed libpq [24]. Is this consider crypto code and may need an >> export license? >> - pgdump [25] >> - license for this file [26] >> - license for this file [27] Look like an ASF header may of been >> incorrectly added to this. >> - This BSD licensed file [36] >> - license for these files [37][38] and others in [39] >> - This BSD licensed file [40] >> - This BSD licensed file [41] >> - BSD licensed pychecker [42] >> - licenses for all of these files [43] >> - BSD license pg800 [44] >> - how is this file licensed? [45] >> - license for this file [47] >> - Python license for this file [48]. Is this an Apache comparable license? >> - How are these files licensed? [49] Note multiple copyright owners and >> missing headers. >> - BSD licensed fig leaf. [50] Note that files incorrectly has had ASF >> headers applied. >> - This BSD licensed file [51] >> - This public domain style sheet [52] >> - This file [53] >> - License for unit test2 [54] >> - MIT licensed lock file [55] >> - JSON code here [56] >> - License for this file [57] >> >> And I may of missed some, as I wasn't doing a full review - that would >> likely take many many hours. >> >> Looks like GPL/LPGL licensed code may be included [4][5][6] in the >> release. >> >> This file [8] and others(?) may incorrectly have an ASF headers on it. >> Also why does this file have an ASF header with copyright line? [46] >> >> Code includes code licensed under the 4 clause BSD license which is not >> compatible with the Apache 2.0 license. [28][29][30][31][32][33] It may be >> that this clause has been rescinded [35] and it OK to include but that >> needs to be checked. >> >> I’d suggest that build instructions are included in the release rather >> than a link to them. If the instructions at the URL change in the future >> how do I know how to build this release? >> >> Also some one owes me a beer! >> >> Thanks, >> Justin >> >> 1. http://www.apache.org/legal/src-headers.html#headers >> 2. depends/thirdparty/thrift/lib/erl/rebar >> 3. ./tools/bin/pythonSrc/unittest2-0.5.1/setup.py >> 4. ./depends/thirdparty/thrift/debian/copyright (end of file) >> 5. ./depends/thirdparty/thrift/doc/licenses/lgpl-2.1.txt >> 6. ./tools/bin/gppylib/operations/test/test_package.py >> 7. ./depends/thirdparty/thrift/compiler/cpp/src/md5.? >> 8. ./tools/sbin/hawqstandbywatch.py >> 9. ./src/backend/port/dynloader/ultrix4.h >> 10. ./src/port/inet_aton.c >> 11. ./tools/bin/pythonSrc/PSI-0.3b2_gp/ >> 12. ./src/port/snprintf.c >> 13 ./src/port/crypt.c >> 14. http://www.apache.org/dev/crypto.html >> 15. ./src/port/memcmp.c >> 16. ./src/backend/utils/mb/wstrcmp.c >> 17. ./src/port/rand.c >> 18. ./src/backend/utils/adt/inet_net_ntop.c >> 19. ./src/backend/utils/adt/inet_net_pton.c >> 20 ./src/port/strlcpy.c >> 21. ./src/backend/regex/COPYRIGHT >> 22. ./src/backend/port/qnx4/shm.c >> 23. ./src/backend/port/beos/shm.c >> 24. ./src/backend/libpq/sha2.? >> 25. ./src/bin/pg_dump/ >> 26. ./src/port/gettimeofday.c >> 27. ./depends/thirdparty/thrift/lib/cpp/src/thrift/windows/SocketPair.cpp >> 28. ./src/backend/port/dynloader/freebsd.c >> 29. ./src/backend/port/dynloader/netbsd.c >> 30. ./src/backend/port/dynloader/openbsd.c >> 31. ./src/bin/gpfdist/src/gpfdist/glob.c >> 32. ./src/bin/gpfdist/src/gpfdist/include/glob.h >> 33. ./src/include/port/win32_msvc/glob.h >> 34. ./src/port/glob.c >> 35. ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change >> 36. ./src/bin/pg_controldata/pg_controldata.c >> 37. ./depends/thirdparty/thrift/aclocal/ax_cxx_compile_stdcxx_11.m4 >> 38. ./depends/thirdparty/thrift/aclocal/ax_boost_base.m4 >> 39. ./depends/thirdparty/thrift/aclocal >> 40. ./depends/thirdparty/thrift/build/cmake/FindGLIB.cmake >> 41. ./tools/bin/pythonSrc/unittest2-0.5.1/setup.py >> 42. ./tools/bin/pythonSrc/pychecker-0.8.18/ >> 43. ./src/interfaces/libpq/po/*.po >> 44. ./tools/bin/ext/pg8000/* >> 45. ./src/backend/utils/mb/Unicode/UCS_to_GB18030.pl >> 46. >> ./contrib/hawq-hadoop/hawq-mapreduce-tool/src/test/resources/log4j.properties >> 47 ./tools/bin/pythonSrc/lockfile-0.9.1/lockfile/pidlockfile.py >> 48 ./tools/bin/pythonSrc/pychecker-0.8.18/pychecker2/symbols.py >> 49. ./src/backend/utils/mb/Unicode/* >> 50. ./tools/bin/ext/figleaf/* >> 51. ./depends/thirdparty/thrift/lib/py/compat/win32/stdint.h >> 52. ./tools/bin/pythonSrc/PyGreSQL-4.0/docs/default.css >> 53. ./src/test/locale/test-ctype.c >> 54 ./tools/bin/pythonSrc/unittest2-0.5.1/unittest2/ >> 55. ./tools/bin/pythonSrc/lockfile-0.9.1/LICENSE >> 56. ./src/include/catalog/JSON >> 57. ./src/pl/plperl/ppport.h >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> >>
