Regarding Licence's question, we will complete the repair as soon as possible before voting.
发件人: Dave Fisher <dave2w...@comcast.net<mailto:dave2w...@comcast.net>> 答复: <general@incubator.apache.org<mailto:general@incubator.apache.org>> 日期: 2018年6月9日 星期六 上午2:10 至: <general@incubator.apache.org<mailto:general@incubator.apache.org>> 主题: Re: Looking for Champion Yuck. That’s a mess. That is one very large diff. I see a few files related to AES the were GPL converted to Apache which not allowed. Copyrights were changed too which is also incorrect. Changes to this file be/src/http/mongoose.h<https://github.com/baidu/palo/commit/6486be64c319fe0beb8c6b4430c1662de54f182e#diff-586168bd25cfbf3bc8bc1b52abc4206c> violate license and copyright of Sergey Lyubka GitHub makes you expand each diff after awhile. There are dependency licenses that might be issues too. These licenses have not been evaluated by LEGAL. * OpenLdap (OpenLDAP Software License) http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=LICENSE;hb=e5f8117f0ce088d0bd7a8e18ddf37eaa40eb09b1 * rapidjson (Tencent) Unknown * cyrus-sasl (CMU License) https://spdx.org/licenses/MIT-CMU.html AKA MIT-CMU Lots of work in evaluating licenses. On Jun 8, 2018, at 9:46 AM, Ted Dunning <ted.dunn...@gmail.com<mailto:ted.dunn...@gmail.com>> wrote: Ouch. The copyright in question was attached to code from the source code for mySQL. There is no way that code can be in an Apache project. Given the cut and paste history, it seems like it will require a very detailed audit of code history or web searches to find where the original code came from. The my_aes.c and .h files, for instance, have no hint in their history that they came from GPL'ed code. Yeah. Lot’s of oversight. If we accept this proposal we need a Mentor who has time to help with this mess. I don’t know that I have the time to lead that effort. Anyone? Regards, Dave On Fri, Jun 8, 2018 at 5:37 PM Todd Lipcon <t...@cloudera.com<mailto:t...@cloudera.com>> wrote: ... +1. Also briefly browsing the code I found suspicious commits like this one: https://github.com/baidu/palo/commit/6486be64c319fe0beb8c6b4430c1662de54f182e ... in which a GPL license copyright by Oracle was "fixed" to be an Apache license copyright Baidu. So if this project does enter incubation I think we should be extra careful to audit the origins of all of the source code.
