Re: [DISCUSS] Release blocker HADOOP-12893 (LICENSE and NOTICE files)

2016-05-19 Thread Tsuyoshi Ozawa
> The problem I described influences not only binary tar ball, but also > binaries which is deployed on maven. We need to check them. I checked GPL sentences to check whether we need eliminate LGPL files: http://www.gnu.org/licenses/gpl-faq.en.html#GPLCompatInstaller Quoting from the sentence: >

Re: [DISCUSS] Release blocker HADOOP-12893 (LICENSE and NOTICE files)

2016-05-19 Thread Xiao Chen
Andrew has been working on the next patch recently, but he's on PTO since today until next Mon. We still have some license merging work to do, I'll handle it. I think we can have an update on Monday or Tuesday. So far looks like the deps using LGPL are all dual-licensed, so we don't have legal

Re: [DISCUSS] Release blocker HADOOP-12893 (LICENSE and NOTICE files)

2016-05-19 Thread Vinod Kumar Vavilapalli
Can you please summarize on how much effort is still left with HADOOP-12893? Like the starting email mentioned, for all purposes, all Hadoop releases are blocked on this decision - even though they are ready otherwise (for e.g. 2.7.3). +Vinod > On May 19, 2016, at 1:34 AM, Tsuyoshi Ozawa

Re: [DISCUSS] Release blocker HADOOP-12893 (LICENSE and NOTICE files)

2016-05-19 Thread Tsuyoshi Ozawa
> so I'm thinking this is not a problem. We need to update the patch to address the above comments. Especially, we need to investigate what dependency is in binary tarball or not. The problem I described influences not only binary tar ball, but also binaries which is deployed on maven. We need to

Re: [DISCUSS] Release blocker HADOOP-12893 (LICENSE and NOTICE files)

2016-05-19 Thread Tsuyoshi Ozawa
Quoting from offline discussion by Akira's comment: In HADOOP-12893, the LGPL2.1 dependencies are as follows: > Logback Core Module > jdiff > Javaassist They are not included in binary tarball. > FindBugs-jsr305 jsr305-3.0.0.jar is included in binary tarball. This is actually New BSD license.

Re: [DISCUSS] Release blocker HADOOP-12893 (LICENSE and NOTICE files)

2016-05-19 Thread Tsuyoshi Ozawa
> We used to say "the src tarball is the only official release artifact, the > bin tarball and jars are only provided as a convenience", but I don't think > we're actually allowed to do that. Yes, I know it's not useful for end users. I'd like to clarify the problems we're facing here.

Re: [DISCUSS] Release blocker HADOOP-12893 (LICENSE and NOTICE files)

2016-05-17 Thread Andrew Wang
Re: src-only release The primary way people consume our artifacts is the binary tarball and more importantly the Maven artifacts. Our downstreams aren't going to integrate and test without Maven artifacts. Thus (unfortunately) I don't see a src-only release being very useful. We used to say "the

Re: [DISCUSS] Release blocker HADOOP-12893 (LICENSE and NOTICE files)

2016-05-17 Thread Steve Loughran
> On 16 May 2016, at 02:43, Andrew Wang wrote: > > Hi common-dev, > > We have a first cut of the L files on HADOOP-12893. Many thanks to Xiao > Chen and Akira Ajisaka for doing the brunt of this work. However, full ASF > compliance will require a lot more Maven work.

Re: [DISCUSS] Release blocker HADOOP-12893 (LICENSE and NOTICE files)

2016-05-17 Thread Tsuyoshi Ozawa
Hi Andrew, Thank you for starting discussion. > We're thinking about a "fix-and-iterate" approach, just to get the currently > ongoing releases out the door. It's a good choice and I agree with you basically. My impression, however, is that we should stop *binary distribution* and we should