A quick update: I've filed - https://issues.apache.org/jira/browse/HAWQ-958 (for all license issues in Justin's email) @Justin - I've checked all [1]-[57] reference. [34] ./src/port/glob.c <https://github.com/apache/incubator-hawq/blob/2.0.0.0-incubating/src/port/glob.c> was not referred in your previous email anywhere. But given the context, I think it fits in your comments about [28]-[33] and [35], let me know if I'm wrong. - https://issues.apache.org/jira/browse/HAWQ-957 (for NOTICE cleanup based on Justin's email) - https://issues.apache.org/jira/browse/HAWQ-952 (for merging copyright/NOTICE file, based on Justin and Alan's feedback) - it's arguable what's the right way, may need more guidance. - https://issues.apache.org/jira/browse/HAWQ-959 (for unexpected Bianry files based on RAT reports) - *Pending Question*: For Justin - should I attach a build instruction text file in the future VOTE email - *Pending Question*: for @John D. Ament - regarding file naming contradicts license claim.
Thanks -Goden On Wed, Jul 27, 2016 at 2:19 PM Goden Yao <goden...@apache.org> wrote: > Hi Justin - for this comment: > > I’d suggest that build instructions are included in the release rather > than a link to them. If the instructions at the URL change in the future > how do I know how to build this release? > > We have a wikipage: > https://cwiki.apache.org/confluence/display/HAWQ/Build+and+Install , it > contains a lot of content (and you're right it might get updated often). > > Do you mean this should be put in VOTE email? or I can make a txt file (as > snapshot for the moment) and attach it with the VOTE email next time. > > > On Wed, Jul 27, 2016 at 10:10 AM Goden Yao <goden...@apache.org> wrote: > >> Thanks Justin for your detailed and thorough analysis - I'll bring this >> back to the community and address the items listed one by one. >> Meanwhile, please let us know if you see any other issues so we can solve >> them together in the next Release Candidate. >> >> Appreciate your effort. >> -Goden >> >> On Tue, Jul 26, 2016 at 8:03 PM Justin Mclean <jus...@classsoftware.com> >> wrote: >> >>> Hi, >>> >>> -1 (binding) binary in source release, LICENSE and NOTICE issues, ASF >>> header added to files not under Apache 2.0 license, possible inclusion of >>> GPL licensed software and possible Category X software included in release >>> (BSD with ad clause). >>> >>> This is not a simple release to check and I may of missed a few things >>> due to the large amount of noise. >>> >>> I checked: >>> - release contains incubating >>> - signatures and hashes good >>> - I’m not sure what the intent of COPYRIGHT is. I also don't think as it >>> has been suggested that this should be merged with NOTICE, NOTICE doesn’t >>> not list all copyrights just those that have be relocated from source >>> files. [1] >>> - NOTICE incorrecly contains a long list of copyright statements. I >>> would expect to see one or perhaps two here i.e. the original authors who >>> donated the software and who copyright statements were removed from the >>> original files. >>> - LICENSE is missing a large number of things (see below) >>> - Please use the short form of the license linking to a license files in >>> LICENSE >>> - Looks like there is an unexpected binary in the release [2] May be >>> others given rat reports 770+ binary files >>> - Impossible to say if files have correct ASF headers or not, given the >>> large number of files with ASF headers (5000 odd files) >>> - Failed to compile form source but likely my setup >>> >>> License is missing (in some cases note the different copyright owners) >>> - BSD licensed code [3] >>> - BSD license code [7] >>> - license for this file [9] >>> - license for this file [10] Are we OK this was taken form GNU C? >>> - MIT license PSI [11] >>> - BSD licensed code [12] >>> - BSD licensed code [13] Is this regard as cryptography code? [14] >>> - BSD licensed code [15][16] >>> - license for this file [17] >>> - license of these files [18][19] >>> - license of this file [20] >>> - regex license [21] >>> - How are these files licensed? [22] + others copyright AEG Automation >>> GmbH >>> - How is this file licensed? [23] >>> - BSD licensed libpq [24]. Is this consider crypto code and may need an >>> export license? >>> - pgdump [25] >>> - license for this file [26] >>> - license for this file [27] Look like an ASF header may of been >>> incorrectly added to this. >>> - This BSD licensed file [36] >>> - license for these files [37][38] and others in [39] >>> - This BSD licensed file [40] >>> - This BSD licensed file [41] >>> - BSD licensed pychecker [42] >>> - licenses for all of these files [43] >>> - BSD license pg800 [44] >>> - how is this file licensed? [45] >>> - license for this file [47] >>> - Python license for this file [48]. Is this an Apache comparable >>> license? >>> - How are these files licensed? [49] Note multiple copyright owners and >>> missing headers. >>> - BSD licensed fig leaf. [50] Note that files incorrectly has had ASF >>> headers applied. >>> - This BSD licensed file [51] >>> - This public domain style sheet [52] >>> - This file [53] >>> - License for unit test2 [54] >>> - MIT licensed lock file [55] >>> - JSON code here [56] >>> - License for this file [57] >>> >>> And I may of missed some, as I wasn't doing a full review - that would >>> likely take many many hours. >>> >>> Looks like GPL/LPGL licensed code may be included [4][5][6] in the >>> release. >>> >>> This file [8] and others(?) may incorrectly have an ASF headers on it. >>> Also why does this file have an ASF header with copyright line? [46] >>> >>> Code includes code licensed under the 4 clause BSD license which is not >>> compatible with the Apache 2.0 license. [28][29][30][31][32][33] It may be >>> that this clause has been rescinded [35] and it OK to include but that >>> needs to be checked. >>> >>> I’d suggest that build instructions are included in the release rather >>> than a link to them. If the instructions at the URL change in the future >>> how do I know how to build this release? >>> >>> Also some one owes me a beer! >>> >>> Thanks, >>> Justin >>> >>> 1. http://www.apache.org/legal/src-headers.html#headers >>> 2. depends/thirdparty/thrift/lib/erl/rebar >>> 3. ./tools/bin/pythonSrc/unittest2-0.5.1/setup.py >>> 4. ./depends/thirdparty/thrift/debian/copyright (end of file) >>> 5. ./depends/thirdparty/thrift/doc/licenses/lgpl-2.1.txt >>> 6. ./tools/bin/gppylib/operations/test/test_package.py >>> 7. ./depends/thirdparty/thrift/compiler/cpp/src/md5.? >>> 8. ./tools/sbin/hawqstandbywatch.py >>> 9. ./src/backend/port/dynloader/ultrix4.h >>> 10. ./src/port/inet_aton.c >>> 11. ./tools/bin/pythonSrc/PSI-0.3b2_gp/ >>> 12. ./src/port/snprintf.c >>> 13 ./src/port/crypt.c >>> 14. http://www.apache.org/dev/crypto.html >>> 15. ./src/port/memcmp.c >>> 16. ./src/backend/utils/mb/wstrcmp.c >>> 17. ./src/port/rand.c >>> 18. ./src/backend/utils/adt/inet_net_ntop.c >>> 19. ./src/backend/utils/adt/inet_net_pton.c >>> 20 ./src/port/strlcpy.c >>> 21. ./src/backend/regex/COPYRIGHT >>> 22. ./src/backend/port/qnx4/shm.c >>> 23. ./src/backend/port/beos/shm.c >>> 24. ./src/backend/libpq/sha2.? >>> 25. ./src/bin/pg_dump/ >>> 26. ./src/port/gettimeofday.c >>> 27. ./depends/thirdparty/thrift/lib/cpp/src/thrift/windows/SocketPair.cpp >>> 28. ./src/backend/port/dynloader/freebsd.c >>> 29. ./src/backend/port/dynloader/netbsd.c >>> 30. ./src/backend/port/dynloader/openbsd.c >>> 31. ./src/bin/gpfdist/src/gpfdist/glob.c >>> 32. ./src/bin/gpfdist/src/gpfdist/include/glob.h >>> 33. ./src/include/port/win32_msvc/glob.h >>> 34. ./src/port/glob.c >>> 35. ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change >>> 36. ./src/bin/pg_controldata/pg_controldata.c >>> 37. ./depends/thirdparty/thrift/aclocal/ax_cxx_compile_stdcxx_11.m4 >>> 38. ./depends/thirdparty/thrift/aclocal/ax_boost_base.m4 >>> 39. ./depends/thirdparty/thrift/aclocal >>> 40. ./depends/thirdparty/thrift/build/cmake/FindGLIB.cmake >>> 41. ./tools/bin/pythonSrc/unittest2-0.5.1/setup.py >>> 42. ./tools/bin/pythonSrc/pychecker-0.8.18/ >>> 43. ./src/interfaces/libpq/po/*.po >>> 44. ./tools/bin/ext/pg8000/* >>> 45. ./src/backend/utils/mb/Unicode/UCS_to_GB18030.pl >>> 46. >>> ./contrib/hawq-hadoop/hawq-mapreduce-tool/src/test/resources/log4j.properties >>> 47 ./tools/bin/pythonSrc/lockfile-0.9.1/lockfile/pidlockfile.py >>> 48 ./tools/bin/pythonSrc/pychecker-0.8.18/pychecker2/symbols.py >>> 49. ./src/backend/utils/mb/Unicode/* >>> 50. ./tools/bin/ext/figleaf/* >>> 51. ./depends/thirdparty/thrift/lib/py/compat/win32/stdint.h >>> 52. ./tools/bin/pythonSrc/PyGreSQL-4.0/docs/default.css >>> 53. ./src/test/locale/test-ctype.c >>> 54 ./tools/bin/pythonSrc/unittest2-0.5.1/unittest2/ >>> 55. ./tools/bin/pythonSrc/lockfile-0.9.1/LICENSE >>> 56. ./src/include/catalog/JSON >>> 57. ./src/pl/plperl/ppport.h >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >>> For additional commands, e-mail: general-h...@incubator.apache.org >>> >>>
