Re: Issue with releases / feedback from ASF board
Thank you Bertrand for the suggestion. I have created a pull request to update the website. Anyone interested, please take a look and leave feedback in the pull request or via response to this mail. There is no preview of the resulting page available, but we can also iterate via multiple pull requests in case of any remaining problems.

https://github.com/apache/incubator-mxnet/pull/18487

The PR is quite large, thus my reluctance to first open a PR deleting stuff and then adding things back. The effort for correcting the site in a single step is significantly lower. I hope Incubator has understanding for that.

Thanks
Leonard

Bertrand Delacretaz writes:
> Hi,
>
> On Thu, Jun 4, 2020 at 8:44 AM Leonard Lausen wrote:
>> ...Does adding the following notice prior to any mentioning of a third-party
>> binary release work for clearly informing users?...
>
> I haven't followed all the details but IIUC what you are doing is
> linking to third-party packages that can help people get started with
> MXNet but are not provided by the ASF.
>
> If that's correct, I would phrase your disclaimer a bit differently.
>
>>
>> > WARNING: The following binary release is not provided by the Apache
>> > Software Foundation and third-party members of the MXNet community.
>> > They may contain closed-source components with restrictive licenses.
>> > You may want to download the official Apache MXNet (incubating) source
>> > release instead and build from source instead
>
> WARNING: the following links are provided for your convenience but
> they point to packages that are *not* provided nor endorsed by the
> Apache Software Foundation.
> As such, they might contain software components with more restrictive
> licenses than the Apache License and you'll need to decide whether
> they are appropriate for your usage. Like all Apache Releases, the
> official Apache MXNet (incubating) releases consist of source code
> only and are found at .
>
> -Bertrand
Re: Issue with releases / feedback from ASF board
Hi,

On Thu, Jun 4, 2020 at 8:44 AM Leonard Lausen wrote:
> ...Does adding the following notice prior to any mentioning of a third-party
> binary release work for clearly informing users?...

I haven't followed all the details but IIUC what you are doing is linking to third-party packages that can help people get started with MXNet but are not provided by the ASF.

If that's correct, I would phrase your disclaimer a bit differently.

>
> > WARNING: The following binary release is not provided by the Apache
> > Software Foundation and third-party members of the MXNet community.
> > They may contain closed-source components with restrictive licenses.
> > You may want to download the official Apache MXNet (incubating) source
> > release instead and build from source instead

WARNING: the following links are provided for your convenience but they point to packages that are *not* provided nor endorsed by the Apache Software Foundation.
As such, they might contain software components with more restrictive licenses than the Apache License and you'll need to decide whether they are appropriate for your usage. Like all Apache Releases, the official Apache MXNet (incubating) releases consist of source code only and are found at .

-Bertrand
Re: Issue with releases / feedback from ASF board
Hi Justin,

as there have been a couple of mails on the dev@ list prior to your mail to general@ list and your mail contains a dramatic opening, I'd like to provide some context here.

The problem in the current focus is how to ensure the http://mxnet.apache.org/get_started page is compliant with ASF policies. The page currently provides names of third-party binary distributions not controlled by the PPMC which may confuse some users.

Let's take a look at the timeline first:

On May 5th 2020 I have opened LEGAL-515 and asked (among other questions) how the MXNet PPMC can correctly reference third-party distributions on the website. Unfortunately that question was not answered. In fact the majority of questions in LEGAL-515 remained unanswered throughout May (starting May 8th). Note that prior to my question in LEGAL-515, the MXNet website has been mentioning the names of third-party distributions already.

You just now stated:

> You were asked to do something about this a few weeks ago and as far
> as I can see have not done so. Please do so as soon as you can.

That's not entirely correct. I note that there are two different requests.

On May 24th you have contacted the PPMC, requesting the PPMC to (among other things) improve the clarity of the Getting Started page:

> It also needs to be clear what a user is installing from this install
> page [http://mxnet.incubator.apache.org/get_started]

PPMC has been working on resolving this question in LEGAL-515 since May 5th and has also requested guidance from the trademark@ team. This was still ongoing at the time of your email today.

Today you have contacted the PPMC with a different request about the Getting Started page:

> It’s quite clear they should not be linked to from an Apache page
> like this as users will think these are Apache releases. Please remove
> them, after that bring it up on the incubator general list and we can
> discuss what needs to be done.

In response I have asked you, if it wouldn't be possible to first decide how to properly disclaim links to third-parties on the website, before removing the links and then potentially adding them back with a disclaimer later. This is a very simple question. It's quite late in my timezone and updating the website will take some time. Why not update the website once correctly instead of taking a route that requires multiple updates?

To resolve the situation, I suggest we start from your statement here:

> No Apache project should be distributing 3rd party releases from their
> web site without clearly informing the users of what they are getting.

Does adding the following notice prior to any mentioning of a third-party binary release work for clearly informing users?

> WARNING: The following binary release is not provided by the Apache
> Software Foundation and third-party members of the MXNet community.
> They may contain closed-source components with restrictive licenses.
> You may want to download the official Apache MXNet (incubating) source
> release instead and build from source instead.

If so, PPMC can initiate the process of adding this statement to the website tomorrow. If not, do you have a better suggestion? And in either case, if the Incubator prefers the route of updating the website multiple times and leaves a partially empty website in the intermediate time, then let it be that way and PPMC may initiate that process tomorrow.

>> I'm not sure what you mean. Note that Github automatically creates these
>> release pages based on the presence of git tags in the version control
>> history.
>
> Yes they do but they consist of Apache releases it looks like you
> have non Apache releases there. Other projects tag these add notes to
> make it very clear they are not Apache releases.

The context here is that I requested you to clarify on your mail from May 24th in which you stated:

> The GitHub download page [2] is also confusing as it contains a mix of
> Apache and non-Apache releases

My understanding of your statement was that you refer to the source archives created by Github, which are not the official ASF source archives. MXNet project uploaded the ASF source archives in addition to the Github source archives to ensure users can easily discover them. But it appears this is not what you meant with "confusing".

But given your response, I now believe you may be referring to git tags that were made prior to MXNet joining the incubator on 2017-01-23 / on which no vote by the PPMC took place? Adding notes to those releases can be done easily if that is what you request.

Best regards
Leonard
Re: Issue with releases / feedback from ASF board
Hi Justin,

Justin Mclean writes:
> It’s quite clear they should not be linked to from an Apache page
> like this as users will think these are Apache releases. Please remove
> them, after that bring it up on the incubator general list and we can
> discuss what needs to be done.

The status quo has been in place for a while. Do you think we have time to first discuss the correct solution on the Incubator list, before we delete the existing pages?

>> Also I notice you referred to the Github Release page. Github will
>> automatically
>> provide a ZIP folder ("Source code (zip)") for the commit tagged as release.
>> PPMC has further uploaded the ASF .tar.gz, .tar.gz.asc and .tar.gz.sha512. Is
>> that what you mean with confusing mix of "Apache and non-Apache releases”?
>
> You need to mark anything that is not an Apache release very clearly
> and if that cannot be done then it needs to be removed.

I'm not sure what you mean. Note that Github automatically creates these release pages based on the presence of git tags in the version control history.

I looked at a number of Apache projects and their Github Release pages. By the very nature of how Github presents the release page, they all contain links to download a source archive provided by Github. Different to MXNet, these projects do not in addition provide the ASF source archives on their Github release page, but only the Github source archives.

- Apache Arrow: https://github.com/apache/arrow/releases
- Apache Hadoop: https://github.com/apache/hadoop/releases
- Apache Maven: https://github.com/apache/maven/releases

Most closely, the Apache Beam project includes changelog in a similar manner as MXNet and also tags RC releases on Github:

- Apache Beam https://github.com/apache/beam/releases

So is your recommendation here to take down the ASF source archives, ie. the .tar.gz, .tar.gz.asc and .tar.gz.sha512 files and only keep the basic Github functionality? This will make it harder for users to discover the official ASF releases, but it's certainly something we can do.

Best regards
Leonard
Re: Issue with releases / feedback from ASF board
Hi,

> this page currently contains some links to third-party binary distributions of
> MXNet (for example at [1]). The question of what the PPMC should recommend
> those
> third-parties to avoid trademarking issues is currently being discussed on
> private@ and trademark@.

It’s quite clear they should not be linked to from an Apache page like this as users will think these are Apache releases. Please remove them, after that bring it up on the incubator general list and we can discuss what needs to be done.

> Also I notice you referred to the Github Release page. Github will
> automatically
> provide a ZIP folder ("Source code (zip)") for the commit tagged as release.
> PPMC has further uploaded the ASF .tar.gz, .tar.gz.asc and .tar.gz.sha512. Is
> that what you mean with confusing mix of "Apache and non-Apache releases”?

You need to mark anything that is not an Apache release very clearly and if that cannot be done then it needs to be removed.

Thanks,
Justin
Re: Issue with releases / feedback from ASF board
Hi Justin,

this page currently contains some links to third-party binary distributions of MXNet (for example at [1]). The question of what the PPMC should recommend those third-parties to avoid trademarking issues is currently being discussed on private@ and trademark@.

With respect to the MXNet Website linking to third-parties, I haven't been able to find a policy yet. The current plan is to add a disclaimer and bring this up with the Incubator for review. Do you think that's sensible? Do you have any other recommendation?

Also I notice you referred to the Github Release page. Github will automatically provide a ZIP folder ("Source code (zip)") for the commit tagged as release. PPMC has further uploaded the ASF .tar.gz, .tar.gz.asc and .tar.gz.sha512. Is that what you mean with confusing mix of "Apache and non-Apache releases"?

Best regards
Leonard

[1]: https://mxnet.apache.org/get_started?platform=linux=python=gpu=pip; ;

On Wed, 2020-06-03 at 23:50 +, Justin Mclean wrote:
> Hi,
>
> I don't see what has been done about this [1] which I mentioned above. What is
> the planned action here?
>
> Thanks,
> Justin
>
> 1. https://mxnet.apache.org/get_started?
Re: Issue with releases / feedback from ASF board
Hi,

I don't see what has been done about this [1] which I mentioned above. What is the planned action here?

Thanks,
Justin

1. https://mxnet.apache.org/get_started?
Re: Issue with releases / feedback from ASF board
Hi Justin,

Here's an update on the progress of addressing the license issues:

Done:
- Add disclaimer to repo.mxnet.io and dist.mxnet.io to clarify that the nightly releases there are not intended for public consumption. (changed. pending cache refresh)
- Remove non-Apache releases in github release page.

Ongoing:
- Delete problematic Maven releases. dev@ is notified and per discussion it's pending lazy consensus [1].
- Review with Apache Trademark on the current third-party binary distributions of mxnet and make necessary correction. Review initiated with trademarks@.
- Review with Apache Legal on the appropriate license for convenience binary distribution and display it prominently. Currently waiting for reply [2]

To do:
- Add source distribution to PyPI package `apache-mxnet`. This is intended to be the official source release that is compliant with incubator distribution guidelines [3].
- Non-official third-party Maven binary releases. We need input on the requirements for observing the proper trademark usage first.

As we proceed, there may be more work to do, and we are tracking the progress in https://github.com/apache/incubator-mxnet/issues/18397. Let us know if you have any question.

Regards,
Sheng

[1] https://lists.apache.org/thread.html/ra4e9572ac74857a80c64a31e8bf292d353e74cfa87bf457f47450303%40%3Cdev.mxnet.apache.org%3E
[2] https://issues.apache.org/jira/browse/LEGAL-515
[3] https://cwiki.apache.org/confluence/display/INCUBATOR/DistributionGuidelines

On Sun, May 31, 2020 at 2:01 AM Justin Mclean wrote:
> Hi,
>
> I'm writing my board report in the next couple of days and just wondering
> what progress has been made on this.
>
> Thanks,
> Justin
>
> -
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
Re: Issue with releases / feedback from ASF board
Thanks for the reply. Besides the clarification below, we will track and address here [1] the rest of the comments in this thread.

> > - We will introduce source releases on PyPI and Maven using apache-mxnet
> > name to provide users with the option to have Apache distribution and allow
> > users to compile CUDA/cuDNN code as an option.
>
> I assume that means you will have two distributions on PyPI? Or is the intent to remove the other one?

- We PPMC will create apache-mxnet package with Apache releases in the form of source distributions. This is intended as first-party release to comply with the draft release policy.
- As individual, and with appropriate names and description as determined by trademark review, I intend to continue to provide binary releases on PyPI for the convenience of the community. This is out of necessity as compiling all the CUDA code in MXNet can take hours even on powerful CPUs.

-sz

[1] https://github.com/apache/incubator-mxnet/issues/18397

On Sat, May 23, 2020 at 5:15 PM Justin Mclean wrote:
> Hi,
>
> > - MXNet publishes only nightly pre-release builds to dist.mxnet.io for the
> > verification purpose for projects in the ecosystem and for developers who
> > work on the bleeding edge.
>
> IMO Something more needs to be done here, at the very least I would expect
> to see a very large disclaimer that these are not releases for use of the
> general public and for internal development use only and are not Apache
> Releases. A google search brings up that page and it is incorrectly titled
> "Apache MXNet Python Binary Distribution”. I see other download pages that
> just contain links and no information to what the files are.
>
> It also needs to be clear what a user is installing from this install page
> [1] which I assume is using the above? The GitHub download page [2] is also
> confusing as it contains a mix of Apache and non-Apache releases.
>
> > - PyPI releases are not the act of this PPMC, but are from individuals
> > acting as third-party for the convenience of the community.
>
> Currently this page isn’t in line with Apache trademark policy.
>
> > With my PPMC hat on, we will take the following actions:
> >
> > - We will try to take down problematic Maven releases immediately and
> > discuss in the community how to proceed with future Maven releases.
>
> Thanks for that.
>
> > - We will introduce source releases on PyPI and Maven using apache-mxnet
> > name to provide users with the option to have Apache distribution and allow
> > users to compile CUDA/cuDNN code as an option.
>
> I assume that means you will have two distributions on PyPI? Or is the intent to
> remove the other one?
>
> > Finally, we appreciate any lesson other projects can share on licensing and
> > distribution that involves CUDA code. Thanks.
>
> I’m not aware of any other project that uses CUDA code.
>
> Thanks,
> Justin
>
> 1. https://mxnet.apache.org/get_started/?
> 2. https://github.com/apache/incubator-mxnet/releases
Re: Issue with releases / feedback from ASF board
>
> I’m not aware of any other project that uses CUDA code.
>

I want to point out that most machine learning and analytics related projects will likely need to involve (and likely distribute) CUDA code, this would include some of the current TLPs. Here are some examples using search:

- Arrow https://arrow.apache.org/docs/python/cuda.html
- SystemML https://systemml.apache.org/docs/1.2.0/gpu
- Singa https://svn.apache.org/repos/infra/websites/production/singa/content/docs/gpu.html

TQ

>
> 1. https://mxnet.apache.org/get_started/?
> 2. https://github.com/apache/incubator-mxnet/releases
Re: Issue with releases / feedback from ASF board
Hi,

> - MXNet publishes only nightly pre-release builds to dist.mxnet.io for the
> verification purpose for projects in the ecosystem and for developers who
> work on the bleeding edge.

IMO Something more needs to be done here, at the very least I would expect to see a very large disclaimer that these are not releases for use of the general public and for internal development use only and are not Apache Releases. A google search brings up that page and it is incorrectly titled "Apache MXNet Python Binary Distribution”. I see other download pages that just contain links and no information to what the files are.

It also needs to be clear what a user is installing from this install page [1] which I assume is using the above? The GitHub download page [2] is also confusing as it contains a mix of Apache and non-Apache releases.

> - PyPI releases are not the act of this PPMC, but are from individuals
> acting as third-party for the convenience of the community.

Currently this page isn’t in line with Apache trademark policy.

> With my PPMC hat on, we will take the following actions:
>
> - We will try to take down problematic Maven releases immediately and
> discuss in the community how to proceed with future Maven releases.

Thanks for that.

> - We will introduce source releases on PyPI and Maven using apache-mxnet
> name to provide users with the option to have Apache distribution and allow
> users to compile CUDA/cuDNN code as an option.

I assume that means you will have two distributions on PyPI? Or is the intent to remove the other one?

> Finally, we appreciate any lesson other projects can share on licensing and
> distribution that involves CUDA code. Thanks.

I’m not aware of any other project that uses CUDA code.

Thanks,
Justin

1. https://mxnet.apache.org/get_started/?
2. https://github.com/apache/incubator-mxnet/releases
Re: Issue with releases / feedback from ASF board
Hi Justin and incubator,

Thank you for the feedback.

1. We fully intend to address the licensing issues in releases and software distributions as part of our efforts towards graduation.
2. To my knowledge, there was no intention from this PPMC to bypass the software release policy.

To clarify on 2:

- MXNet publishes only nightly pre-release builds to dist.mxnet.io for the verification purpose for projects in the ecosystem and for developers who work on the bleeding edge.
- PyPI releases are not the act of this PPMC, but are from individuals acting as third-party for the convenience of the community. The binary releases there are not from dist.mxnet.io, but are produced from the same or similar build scripts without modification to the source code.
- We made a mistake on Maven releases that we took the same solution as PyPI without carefully reviewing that it complies with the license requirement.

With my PPMC hat off, as the individual who made releases to PyPI:

- I do NOT intend to confuse the users of our PyPI releases to be the act of MXNet PPMC as I didn't use the apache-mxnet as PyPI package name, which is specified by the draft policy on releases [1]. I will initiate review with Apache Trademark to make sure it is clear.
- I do NOT intend to confuse the users of our PyPI releases to be under Apache License 2.0 and it's an artifact from using the same build script. I will seek input from Apache Legal on LEGAL-515 to clarify what the proper licensing should be.

With my PPMC hat on, we will take the following actions:

- We will try to take down problematic Maven releases immediately and discuss in the community how to proceed with future Maven releases.
- We will introduce source releases on PyPI and Maven using apache-mxnet name to provide users with the option to have Apache distribution and allow users to compile CUDA/cuDNN code as an option.

Finally, we appreciate any lesson other projects can share on licensing and distribution that involves CUDA code. Thanks.

Regards,
Sheng
On behalf of Apache MXNet (Incubating) PPMC

On Fri, May 22, 2020 at 8:49 PM Justin Mclean wrote:
> Hi,
>
> The incubator report had the following feedback:
> Incubator needs to address the software distribution issues
> regarding MXNet (not reporting this month). The PPMC is
> effectively bypassing our software release policies by creating
> distribution packages that are combined with non-open-source
> platform libraries and publishing them on dist.mxnet.io, where
> they are picked up and distributed using the PyPi channel to
> all Python users. The resulting pages on PyPi mislead users
> into thinking they are installing an Apache License 2.0 package
> even though it contains software that we are not allowed to
> distribute under our license.
> https://issues.apache.org/jira/browse/LEGAL-515
> https://dist.mxnet.io/python/cu102
> https://pypi.org/project/mxnet-cu102/
>
> I can see you have been discussing this here [1] so some progress has been
> made. It would be a good idea to keep the Incubator PMC in the loop on what
> actions the PMC is going to take to resolve this.
>
> Thanks,
> Justin
>
> 1. https://s.apache.org/5102c
Issue with releases / feedback from ASF board
Hi,

The incubator report had the following feedback:

Incubator needs to address the software distribution issues regarding MXNet (not reporting this month). The PPMC is effectively bypassing our software release policies by creating distribution packages that are combined with non-open-source platform libraries and publishing them on dist.mxnet.io, where they are picked up and distributed using the PyPi channel to all Python users. The resulting pages on PyPi mislead users into thinking they are installing an Apache License 2.0 package even though it contains software that we are not allowed to distribute under our license.

https://issues.apache.org/jira/browse/LEGAL-515
https://dist.mxnet.io/python/cu102
https://pypi.org/project/mxnet-cu102/

I can see you have been discussing this here [1] so some progress has been made. It would be a good idea to keep the Incubator PMC in the loop on what actions the PMC is going to take to resolve this.

Thanks,
Justin

1. https://s.apache.org/5102c