Hi,
I would update the asc file (and KEYS file if needed) so that if any user tries
to verify the release, it can be verified.
Kind Regards,
Justin
Hi,
Correct as it didn't contain a +1 in it.
Justin
Hi,
The Cassandra download page [1] includes signature files, but you also need to
include a link to the KEYS files to verify these. Relevant ASF policy is here
[2].
Trying the verify the latest source release, it fails with this error:
gpg: assuming signed data in
Hi,
In the vote thread, there are only two explicit +1 PMC votes. In the future, it
would be best to wait for three +1 votes, or the release manager should also
vote.
Kind Regards,
Justin
Hi,
In a result for a release vote, it is best to list the PMC members who voted +1
as this helps board/PMC oversight. However, looking at the vote thread I only
see 2 explicit +1 PMC votes.
Kind Regards,
Justin
Hi,
> >> - It looks like there might be compiled code in the release? [1][2]
> Non issue. Test resources.
Test resources are not exempt - see [1]
> >> - Files are missing ASF headers [3][4][6][7][8] are these 3rd party files?
>
> Non issue. Doc files, or third-party files.
> Dockerfiles fixed
Hi,
If I were to vote on this, it would be -1 (non-binding) due to non-compliance
with ASF policy on releases.
I checked:
- signatures and hashes are correct
- It looks like there might be compiled code in the release? [1][2]
- LICENSE is misisng some 3rd party code license information [5] This
Hi,
None of those logos match the one used on the web site where Apache is in a
different font and Cassandra is in a different font and in capitals. Is the
logo on the website now the preferred logo? Is there a version with black
text? If so any chance it could be uploaded to
Hi,
I've notice that the Cassandra logo on the web site doesn't match the
"official" one in https://apache.org/logos/ any change the logo could be
updated?
Thanks,
Justin
-
To unsubscribe, e-mail:
Hi,
> One point that seems to be a big concern for most people is that the
> discussion is now happening on some mailing list where people do not have
> access.
There are people in this community that do have access so I would not be
concerned. Most of the conversation is on the legal discuss
Hi,
> I have yet to see a legal reason why including binaries in packages is a
> bad thing.
How do you review the release? How do you know there's not something that
incompatible with the ALv2 in it? With reproducible builds you might be able to
do this but I assuming that's not the case here.
Hi,
> The current board agenda item is still not accurate. The PMC members and
> the project are not ignoring the issue.
Voting +1 on a release with that issue IMO says otherwise, but others may have
differing opinions on that.
> Also, it would be nice if you could reference this thread, in
Hi,
JFYI I've started a discussion about this on the board list [1]. Note that that
list is for the board to conduct business on, so please take care in what you
post there.
Thanks,
Justin
1.
Hi,
> To the PMC: the next boarding meeting is on 21st April, so we have time to
> get this release out and probably more as well (hopefully with the fix
> for CASSANDRA-16391) before that date.
If I was a PMC member here, I would reconsider making that release without
fixing this issue. I
Hi,
> Given the same agreement there that the ASF's docs are unclear on the
> topic, and having to rely upon a post from Roy in *some thread, I think it
> is safe to say we can (if need be) continue until those docs are made up to
> date. Also, I cannot see how the ASF can enforce anything
HI,
> I recommend that the PMC continues its vote on 4.0-rc1.
In that case I'll need to raise this issue with theASF board.
Justin
-
To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org
For additional commands, e-mail:
Hi,
> You are probably right, but as far as I am aware you are not an official
> source of ASF policy on this matter.
I am currently assistant VP legal affairs and have made changes to ASF policy
before, in particular to the release and distribution policy. I guess you are
asking for
Hi,
I can say with 100% certainty that:
- ASF source releases cannot contain compiled code (jars, dlls or the like)
- ASF source releases cannot include Category B code compiled or not compiled
- ASF convenience binaries can contain Category B compiled code
In various roles at the ASF including
Hi,
> This is a known problem. Please help out.
That is the reason of having those jars in the source release? Could it just be
replaced by a series of curl commands in a shell script?
I can help fix up the LICENSE and NOTICE files, but the inclusion of compiled
code in a source release is
Hi,
> Again, I don't see this stated explicitly. Perhaps the guidance should be
> clarified if this is the intention?
Out documentation can be improved, PRs welcome. :-) It was thought that
something like this didn't need to be documented, but obviously it does. I'll
start a conversation on
HI,
> The notion that these jars are "not open source" and must therefor not be
> used in the way they are intended is a preposterous stance
I suggest you read the whole thread. The outcome was that it's OK to put jars
in version control but not in a source release.
This has been discussed
Hi,
> Could you clarify why you think this is incompatible with ASF policy?
Because a source release could not contain compiled code (category A or
otherwise), if it does then it not open source. See for instance [1]. This is
why tools like Apache Rat look for certain types of binary files in
Hi,
I noticed the download page [1] contains links to convenience binaries but not
to the actual release. I can see that the source is in the place on the mirrors
but there's not an obvious link to it.
When I did download the the 3.11.10 release [2], I can see that it contained
compiled
Hi,
I took a look at the source release and notice a couple of things from an ASF
policy point of view:
1. The LICENSE file may or may not include a list of things that are bundled in
the source release.The license seems to refer to 3rd party dependancies rather
than what is actually included
24 matches
Mail list logo
