[jira] [Comment Edited] (INCUBATOR-253) Issues with MXNet releases and their distribution

2020-07-26 Thread Justin Mclean (Jira)


[ 
https://issues.apache.org/jira/browse/INCUBATOR-253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17165145#comment-17165145
 ] 

Justin Mclean edited comment on INCUBATOR-253 at 7/26/20, 12:40 PM:


It also seems that this code may have been released before the PPMC/IPMC vote 
is over see [1][2][3][4] There are also branding and trademark issue with this 
site [5] This is in addition to the issues previously noted with releases, 
branding and trademarks.[6]

Thanks,
Justin

There seems to be more release, branding and trademark issues here:

15. https://sourceforge.net/projects/apache-mxnet.mirror/
16. 
https://repo.gradle.org/gradle/simple/repo/ai/djl/mxnet/mxnet-native-mkl/1.7.0-b/
17. https://mvnrepository.com/artifact/ai.djl.mxnet
18. 
https://aur.archlinux.org/packages/?O=0=nd=mxnet=v=d=50_Search=Go
19. https://djl.ai



was (Author: jmclean):
It also seems that this code may have been released before the PPMC/IPMC vote 
is over see [1][2][3][4] There are also branding and trademark issue with this 
site [5] This is in addition to the issues previously noted with releases, 
branding and trademarks.[6]

Thanks,
Justin

There seem to be more release, branding and trademark issues here:

15. https://sourceforge.net/projects/apache-mxnet.mirror/
16. 
https://repo.gradle.org/gradle/simple/repo/ai/djl/mxnet/mxnet-native-mkl/1.7.0-b/
17. https://mvnrepository.com/artifact/ai.djl.mxnet
18. 
https://aur.archlinux.org/packages/?O=0=nd=mxnet=v=d=50_Search=Go
19. https://djl.ai


> Issues with MXNet releases and their distribution
> -
>
> Key: INCUBATOR-253
> URL: https://issues.apache.org/jira/browse/INCUBATOR-253
> Project: Incubator
>  Issue Type: Improvement
>Reporter: Justin Mclean
>Assignee: Justin Mclean
>Priority: Major
>
> The main issues are:
> 1. Source and convenance binary releases containing Category X licensed code.
> 2. Website giving access to downloads of non released/unapproved code.
> 3. Website giving access to releases containing Category X licensed code.
> 4. Web site doesn't given enough warning to users of the issues with non 
> (P)PMC releases or making it clear that these are not ASF releases.
> 5. Maven releases containing Category X licensed code.
> 6. PiPy releases containing Category X licensed code.
> 7. Docker releases containing Category X licensed code.
> 8 Docker releases containing unreleased/unapproved code.
> 9. Trademark and branding issues with PiPy and Docker releases. 
> 10. Trademark and brand issues with naming of releases. 
> 11. Developer releases available to users and public searchable 
> https://repo.mxnet.io / https://dist.mxnet.io
> 12. Releases and other nightly builds on https://repo.mxnet.io / 
> https://dist.mxnet.io containing category X licensed code.
> 13. Lack of clarity on all platforms for what is an ASF release and what is 
> not.
> 14. Branding and release of 3rd parties containing unreleased code. (e.g. 
> https://docs.nvidia.com/deeplearning/frameworks/mxnet-release-notes/rel_20-03.html)
> For PiPy see:
> https://pypi.org/project/mxnet/
> For Docker see:
> https://hub.docker.com/u/mxnet
> For web site pages see:
> https://mxnet.apache.org/get_started?
> https://mxnet.apache.org/get_started/download
> I may of missed something, if so please add it.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org



[jira] [Comment Edited] (INCUBATOR-253) Issues with MXNet releases and their distribution

2020-07-02 Thread Leonard Lausen (Jira)


[ 
https://issues.apache.org/jira/browse/INCUBATOR-253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17149872#comment-17149872
 ] 

Leonard Lausen edited comment on INCUBATOR-253 at 7/2/20, 5:38 PM:
---

Please see the MXNet report to the incubator for an update on the 14 items: 
https://cwiki.apache.org/confluence/display/INCUBATOR/July2020#mxnet

EDIT as per Justin's recommendation


was (Author: lausen):
I'm including below an excerpt from the MXNet report to the Incubator:

 

{code:java}

 Issues with releases and distributions

# Background
In May 2020 The MXNet PPMC has proactively initiated a ASF policy compliance
review [1] and a license review [2] with the Apache Legal team.

The license review uncovered that

- Building unmodified MXNet release source code with the optional NVidia GPU
 support enabled results in a binary subject to restrictions of NVidia EULA.
- PPMC members and committers uploaded convenience releases to
 repository.apache.org which contain Category-X components. Both GPL and
 NVidia EULA components were found.
 
The policy review uncovered that:

- Prior ASF guidance to the PPMC (December 2018 legal review [3]) was incomplete
 and did not include a reference to the "unwritten" rule that convenience
 binary distributions created by third-parties using ASF Trademarks must not
 include Category-X components. Based on this discovery, the Draft Downstream
 Distribution Branding Policy was updated in June 2020 to include the
 "unwritten" requirement. Based on the updated guidance, PPMC discovered
 various third-party trademark infringements.
 
The policy review did not yet conclude on the questions if

- The PPMC may create nightly development builds (audience restricted to dev
 list subscribers as per Release policy [4]) for the purpose of testing and
 developing MXNet;

# List of issues and their status

Justin classified the issues into 14 items.

1) Source and convenance binary releases containing Category X licensed code.

See summary from license review in Background section. Source code releases do
not contain Category X code; Takedown of binary releases on
repository.apache.org is pending on Apache Infra. (Trademark infringements of
3rd-parties such as on pypi are discussed separately)

2. Website giving access to downloads of non released/unapproved code.

Website contained links to nightly development builds which have been removed 
[5];
Going forward the PPMC intends to begin periodical voting on Alpha and Beta
Releases which will then be linked from the website.

3. Website giving access to releases containing Category X licensed code.

Website contained links to third-party distributions incorporating Category-X
components (see summary from license review above). Disclaimers were added to
the website clarifying the third-party status of the releases and their
licenses. [5]

4. Web site doesn't given enough warning to users of the issues with non
(P)PMC releases or making it clear that these are not ASF releases.

Website contained links to third-party distributions incorporating Category-X
components (see summary from license review above). Disclaimers were added to
the website clarifying the third-party status of the releases and their
licenses. [5]

5. Maven releases containing Category X licensed code.

See summary from license review in Background section. Source code releases do
not contain Category X code; Takedown of binary releases on
repository.apache.org is pending on Apache Infra. [6] (Trademark infringements 
of
3rd-parties are discussed separately)

6. PyPI releases containing Category X licensed code.

There are no PiPy releases by the PPMC. Please refer to the trademark
infringement section of the report.

7. Docker releases containing Category X licensed code.

There are no Docker releases by the PPMC. Please refer to the trademark
infringement section of the report.

8. Docker releases containing unreleased/unapproved code.

There are no Docker releases by the PPMC. The existence of third-party releases
containing unreleased code was approved in [3] and is also in line with the
current Downstream Distribution Branding Draft Policy. ("using any particular
revision from the development branch is OK" [3])

9. Trademark and branding issues with PiPy and Docker releases.

There are no PiPy releases by the PPMC. Please refer to the trademark
infringement section of the report.

10. Trademark and brand issues with naming of releases.

There are no binary releases by the PPMC besides the repository.apache.org
releases discussed above, which are being removed.
Please refer to the trademark infringement section of
the report.

11. Developer releases available to users and public searchable
https://repo.mxnet.io / https://dist.mxnet.io

Links to the nightly development builds were removed from the MXNet website and
a robot.txt file was added to prevent 

[jira] [Comment Edited] (INCUBATOR-253) Issues with MXNet releases and their distribution

2020-07-01 Thread Leonard Lausen (Jira)


[ 
https://issues.apache.org/jira/browse/INCUBATOR-253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17149872#comment-17149872
 ] 

Leonard Lausen edited comment on INCUBATOR-253 at 7/2/20, 5:08 AM:
---

I'm including below an excerpt from the MXNet report to the Incubator:

 

{code:java}

 Issues with releases and distributions

# Background
In May 2020 The MXNet PPMC has proactively initiated a ASF policy compliance
review [1] and a license review [2] with the Apache Legal team.

The license review uncovered that

- Building unmodified MXNet release source code with the optional NVidia GPU
 support enabled results in a binary subject to restrictions of NVidia EULA.
- PPMC members and committers uploaded convenience releases to
 repository.apache.org which contain Category-X components. Both GPL and
 NVidia EULA components were found.
 
The policy review uncovered that:

- Prior ASF guidance to the PPMC (December 2018 legal review [3]) was incomplete
 and did not include a reference to the "unwritten" rule that convenience
 binary distributions created by third-parties using ASF Trademarks must not
 include Category-X components. Based on this discovery, the Draft Downstream
 Distribution Branding Policy was updated in June 2020 to include the
 "unwritten" requirement. Based on the updated guidance, PPMC discovered
 various third-party trademark infringements.
 
The policy review did not yet conclude on the questions if

- The PPMC may create nightly development builds (audience restricted to dev
 list subscribers as per Release policy [4]) for the purpose of testing and
 developing MXNet;

# List of issues and their status

Justin classified the issues into 14 items.

1) Source and convenance binary releases containing Category X licensed code.

See summary from license review in Background section. Source code releases do
not contain Category X code; Takedown of binary releases on
repository.apache.org is pending on Apache Infra. (Trademark infringements of
3rd-parties such as on pypi are discussed separately)

2. Website giving access to downloads of non released/unapproved code.

Website contained links to nightly development builds which have been removed 
[5];
Going forward the PPMC intends to begin periodical voting on Alpha and Beta
Releases which will then be linked from the website.

3. Website giving access to releases containing Category X licensed code.

Website contained links to third-party distributions incorporating Category-X
components (see summary from license review above). Disclaimers were added to
the website clarifying the third-party status of the releases and their
licenses. [5]

4. Web site doesn't given enough warning to users of the issues with non
(P)PMC releases or making it clear that these are not ASF releases.

Website contained links to third-party distributions incorporating Category-X
components (see summary from license review above). Disclaimers were added to
the website clarifying the third-party status of the releases and their
licenses. [5]

5. Maven releases containing Category X licensed code.

See summary from license review in Background section. Source code releases do
not contain Category X code; Takedown of binary releases on
repository.apache.org is pending on Apache Infra. [6] (Trademark infringements 
of
3rd-parties are discussed separately)

6. PyPI releases containing Category X licensed code.

There are no PiPy releases by the PPMC. Please refer to the trademark
infringement section of the report.

7. Docker releases containing Category X licensed code.

There are no Docker releases by the PPMC. Please refer to the trademark
infringement section of the report.

8. Docker releases containing unreleased/unapproved code.

There are no Docker releases by the PPMC. The existence of third-party releases
containing unreleased code was approved in [3] and is also in line with the
current Downstream Distribution Branding Draft Policy. ("using any particular
revision from the development branch is OK" [3])

9. Trademark and branding issues with PiPy and Docker releases.

There are no PiPy releases by the PPMC. Please refer to the trademark
infringement section of the report.

10. Trademark and brand issues with naming of releases.

There are no binary releases by the PPMC besides the repository.apache.org
releases discussed above, which are being removed.
Please refer to the trademark infringement section of
the report.

11. Developer releases available to users and public searchable
https://repo.mxnet.io / https://dist.mxnet.io

Links to the nightly development builds were removed from the MXNet website and
a robot.txt file was added to prevent indexing of the sites. These websites are
removed from Google search index.

12. Releases and other nightly builds on
https://repo.mxnet.io / https://dist.mxnet.io containing category X licensed 
code.

Neither of 

[jira] [Comment Edited] (INCUBATOR-253) Issues with MXNet releases and their distribution

2020-06-29 Thread Sheng Zha (Jira)


[ 
https://issues.apache.org/jira/browse/INCUBATOR-253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17148199#comment-17148199
 ] 

Sheng Zha edited comment on INCUBATOR-253 at 6/29/20, 11:28 PM:


Justin, on what ground did you delete my comment? I believe anyone in Apache 
should be able to make any comments that are related to the topic as long as 
the conversation is civilized. So I find the deletion inappropriate and rude.

Link to the related conversation on why the updates are organized the way I was 
providing it: 
https://lists.apache.org/thread.html/r0446adfbbed24b016338b2cfa6dcef90066b203162e464ae0088da08%40%3Cprivate.mxnet.apache.org%3E


was (Author: zhasheng):
Justin, why did you delete my comment?

> Issues with MXNet releases and their distribution
> -
>
> Key: INCUBATOR-253
> URL: https://issues.apache.org/jira/browse/INCUBATOR-253
> Project: Incubator
>  Issue Type: Improvement
>Reporter: Justin Mclean
>Assignee: Justin Mclean
>Priority: Major
>
> The main issues are:
> 1. Source and convenance binary releases containing Category X licensed code.
> 2. Website giving access to downloads of non released/unapproved code.
> 3. Website giving access to releases containing Category X licensed code.
> 4. Web site doesn't given enough warning to users of the issues with non 
> (P)PMC releases or making it clear that these are not ASF releases.
> 5. Maven releases containing Category X licensed code.
> 6. PiPy releases containing Category X licensed code.
> 7. Docker releases containing Category X licensed code.
> 8 Docker releases containing unreleased/unapproved code.
> 9. Trademark and branding issues with PiPy and Docker releases. 
> 10. Trademark and brand issues with naming of releases. 
> 11. Developer releases available to users and public searchable 
> https://repo.mxnet.io / https://dist.mxnet.io
> 12. Releases and other nightly builds on https://repo.mxnet.io / 
> https://dist.mxnet.io containing category X licensed code.
> 13. Lack of clarity on all platforms for what is an ASF release and what is 
> not.
> 14. Branding and release of 3rd parties containing unreleased code. (e.g. 
> https://docs.nvidia.com/deeplearning/frameworks/mxnet-release-notes/rel_20-03.html)
> For PiPy see:
> https://pypi.org/project/mxnet/
> For Docker see:
> https://hub.docker.com/u/mxnet
> For web site pages see:
> https://mxnet.apache.org/get_started?
> https://mxnet.apache.org/get_started/download
> I may of missed something, if so please add it.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org



[jira] [Comment Edited] (INCUBATOR-253) Issues with MXNet releases and their distribution

2020-06-24 Thread Sheng Zha (Jira)


[ 
https://issues.apache.org/jira/browse/INCUBATOR-253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17144354#comment-17144354
 ] 

Sheng Zha edited comment on INCUBATOR-253 at 6/24/20, 8:26 PM:
---

> Justin: 3rd party distribution also have different branding and trademark 
> policies they need to comply with. In general they would also need to be 
> based on released code.

> Sheng: I don't think the incubator has the right to require this given that 
> the apache license v2 allows redistribution with or without modification as 
> long as the conditions are met.

> Justin: The incubator has every right to ask podlings to comply with ASF 
> policy. ASF policy is on top of what the Apache License allows.

Agreed on the last comment. This is truism and (I believe) not relevant here, 
given that we were talking about third-party releases. I included the full 
context above for your convenience.

The responsibility of the PPMC in this case would be to make sure users of our 
project are sufficiently notified that these are not first-party releases and 
that they contain additional components that pose further restriction than what 
ALv2 license grants, and the third-party use complies with legal and trademark 
requirements. And we the PPMC fully intend to do so. As mentioned, we will 
propose the option we want to pursue in full observation of the Apache's 
policies and we can continue the discussion on how to do this properly.

 

> The incubator also has the right to terminate a project if it doesn't comply 
>with policy.

Please realize that if certain constraints affect the viability of our 
ecosystem, a threat to terminate carries little weight to us. Also, one 
difficulty we've been having is caused by individuals imposing their opinions 
as policies on us. Examples include draft release policies that haven't 
sufficiently considered podling's release needs or passed proper Apache 
processes.

That said, we are still working hard to find a way to make MXNet viable in 
Apache incubator. In the unfortunate circumstances in which this is no longer 
possible, or that we have policy violations that the incubator can no longer 
tolerate to the extent that termination is warranted, let us know.

 

At the core, the problem is that GPU acceleration, one of the two pillars of 
modern deep learning frameworks (w/ the other pillar being 
auto-differentiation) only receives the status of category-X optional features 
at Apache. As a result, MXNet has no choice but to seek ways to accommodate 
both the goal of protecting the freedom for the use of our software and the 
goal of having a useful deep learning framework. Thus, we test many unclear 
definitions in the scope of category-X optional features. We also do not expect 
the situation to change as new hardware accelerator vendors are unlikely to 
allow reverse engineering which is incompatible with ALv2. There have been 
several generations of popular deep learning frameworks and we realize now that 
it's no coincidence that none was in Apache before MXNet.

As PPMC, we fully intend to uphold our responsibility of protecting our users 
from legal risks as part of Apache and we are learning our lessons for this. 
Keep in mind that we also have the responsibility to be a useful modern deep 
learning framework. We will not compromise one responsibility for the other. My 
hope is that the incubator is willing to work with us through rational 
discussion, and help guide us to our goal in the welcoming way of Apache.


was (Author: zhasheng):
> Justin: 3rd party distribution also have different branding and trademark 
> policies they need to comply with. In general they would also need to be 
> based on released code.

> Sheng: I don't think the incubator has the right to require this given that 
> the apache license v2 allows redistribution with or without modification as 
> long as the conditions are met.

> Justin: The incubator has every right to ask podlings to comply with ASF 
> policy. ASF policy is on top of what the Apache License allows.

Agreed on the last comment. This is truism and (I believe) not relevant here, 
given that we were talking about third-party releases. I included the full 
context above for your convenience.

The responsibility of the PPMC in this case would be to make sure users of our 
project are sufficiently notified that these are not first-party releases and 
that they contain additional components that pose further restriction than what 
ALv2 license grants. And we the PPMC fully intend to do so. As mentioned, we 
will propose the option we want to pursue in full observation of the Apache's 
policies and we can continue the discussion on how to do this properly.

 

> The incubator also has the right to terminate a project if it doesn't comply 
>with policy.

Please realize that if certain constraints affect the viability of our 
ecosystem, a 

[jira] [Comment Edited] (INCUBATOR-253) Issues with MXNet releases and their distribution

2020-06-22 Thread Sheng Zha (Jira)


[ 
https://issues.apache.org/jira/browse/INCUBATOR-253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17142496#comment-17142496
 ] 

Sheng Zha edited comment on INCUBATOR-253 at 6/23/20, 12:09 AM:


> Anyone including PPMC members (with hat off) can build a third party artifact 
>but it needs to be clear to potential downloaders/users that said artifact is 
>a third party artifact.

> 3rd party distribution also have different branding and trademark policies 
>they need to comply with.

This makes sense. We plan to make a proposal on how our community will provide 
pre-built binary as third-party releases and review its adherence to the 
branding and trademark policies.

> In general they would also need to be based on released code.

I don't think the incubator has the right to require this given that the apache 
license v2 allows redistribution with or without modification as long as the 
conditions are met.

> in short if it a channel controlled by the (P)PMC then it would not be 
>considered an 3rd party release.

The definition of "control" is ambiguous. As long as the PPMC hat can be on or 
off at will, any declaration of "controlled by the (P)PMC" can be true and 
false at the same time.


was (Author: zhasheng):
> Anyone including PPMC members (with hat off) can build a third party artifact 
>but it needs to be clear to potential downloaders/users that said artifact is 
>a third party artifact.

> 3rd party distribution also have different branding and trademark policies 
>they need to comply with.

This makes sense. We plan to make a proposal on how our community will provide 
pre-built binary as third-party releases that adhere to the branding and 
trademark policies.

> In general they would also need to be based on released code.

I don't think the incubator has the right to require this given that the apache 
license v2 allows redistribution with or without modification as long as the 
conditions are met.

> in short if it a channel controlled by the (P)PMC then it would not be 
>considered an 3rd party release.

The definition of "control" is ambiguous. As long as the PPMC hat can be on or 
off at will, any declaration of "controlled by the (P)PMC" can be true and 
false at the same time.

> Issues with MXNet releases and their distribution
> -
>
> Key: INCUBATOR-253
> URL: https://issues.apache.org/jira/browse/INCUBATOR-253
> Project: Incubator
>  Issue Type: Improvement
>Reporter: Justin Mclean
>Assignee: Justin Mclean
>Priority: Major
>
> The main issues are:
> 1. Source and convenance binary releases containing Category X licensed code.
> 2. Website giving access to downloads of non released/unapproved code.
> 3. Website giving access to releases containing Category X licensed code.
> 4. Web site doesn't given enough warning to users of the issues with non 
> (P)PMC releases or making it clear that these are not ASF releases.
> 5. Maven releases containing Category X licensed code.
> 6. PiPy releases containing Category X licensed code.
> 7. Docker releases containing Category X licensed code.
> 8 Docker releases containing unreleased/unapproved code.
> 9. Trademark and branding issues with PiPy and Docker releases. 
> 10. Trademark and brand issues with naming of releases. 
> 11. Developer releases available to users and public searchable 
> https://repo.mxnet.io / https://dist.mxnet.io
> 12. Releases and other nightly builds on https://repo.mxnet.io / 
> https://dist.mxnet.io containing category X licensed code.
> 13. Lack of clarity on all platforms for what is an ASF release and what is 
> not.
> 14. Branding and release of 3rd parties containing unreleased code. (e.g. 
> https://docs.nvidia.com/deeplearning/frameworks/mxnet-release-notes/rel_20-03.html)
> For PiPy see:
> https://pypi.org/project/mxnet/
> For Docker see:
> https://hub.docker.com/u/mxnet
> For web site pages see:
> https://mxnet.apache.org/get_started?
> https://mxnet.apache.org/get_started/download
> I may of missed something, if so please add it.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org



[jira] [Comment Edited] (INCUBATOR-253) Issues with MXNet releases and their distribution

2020-06-21 Thread Justin Mclean (Jira)


[ 
https://issues.apache.org/jira/browse/INCUBATOR-253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17141307#comment-17141307
 ] 

Justin Mclean edited comment on INCUBATOR-253 at 6/21/20, 8:11 AM:
---

Re 1 there was discussion about Category X headers included in the source code. 
2, 4, 13 are seperate issues. For the trade marks issue you cannot call a 
release  "Apache MXNet" if it contains something from category X, but there are 
also separate trademark/branding issues with both the PiPy and Docker download 
pages. 7 and 8 are seperate issues. Re 12 a Google search shows these artefacts 
to users to download. I would be of the opinion that nightly builds (or in fact 
any build) created by the PPMC are NOT allowed to have category X licensed 
code. Re category X code in releases I also believe there was multiple category 
X issues including one with Intel and one with CUDA.

The board or Incubator PMC is unlikely to search though GitHub issues to see 
what is being done, but they would look at your mailing list(s) for discussion 
about these items. I don't see any discussion about changing the CUDA license 
or what's involved there. Is this conversation taking place and if so where?

It's up to PPMC to correct these issues. At some point the project needs to do 
this for itself and shows it understand ASF policy before it can graduate. So 
it would be great if the project can gp ahead and do this on it own and show 
it's making progress towards that goal. However if you need help please ask 
your mentors or if for some reason they can't help then bring it up here or on 
the general@ or relevant mailing list.




was (Author: jmclean):
Re 1 there was discussion about Category X headers included in the source code. 
2, 4, 13 are seperate issues. For the trade marks issue you cannot call a 
release  "Apache MXNet" if it contains something from category X, but there are 
also separate trademark issues with both the PiPy and Docker download pages. 7 
and 8 are seperate issues. Re 12 a Google search shows these artefacts to users 
to download. I would be of the opinion that nightly builds (or in fact any 
build) created by the PPMC are NOT allowed to have category X licensed code. Re 
category X code in releases I also believe there was multiple category X issues 
including one with Intel and one with CUDA.

The board or Incubator PMC is unlikely to search though GitHub issues to see 
what is being done, but they would look at your mailing list(s) for discussion 
about these items. I don't see any discussion about changing the CUDA license 
or what's involved there. Is this conversation taking place and if so where?

It's up to PPMC to correct these issues. At some point the project needs to do 
this for itself and shows it understand ASF policy before it can graduate. So 
it would be great if the project can gp ahead and do this on it own and show 
it's making progress towards that goal. However if you need help please ask 
your mentors or if for some reason they can't help then bring it up here or on 
the general@ or relevant mailing list.



> Issues with MXNet releases and their distribution
> -
>
> Key: INCUBATOR-253
> URL: https://issues.apache.org/jira/browse/INCUBATOR-253
> Project: Incubator
>  Issue Type: Improvement
>Reporter: Justin Mclean
>Assignee: Justin Mclean
>Priority: Major
>
> The main issues are:
> 1. Source and convenance binary releases containing Category X licensed code.
> 2. Website giving access to downloads of non released/unapproved code.
> 3. Website giving access to releases containing Category X licensed code.
> 4. Web site doesn't given enough warning to users of the issues with non 
> (P)PMC releases or making it clear that these are not ASF releases.
> 5. Maven releases containing Category X licensed code.
> 6. PiPy releases containing Category X licensed code.
> 7. Docker releases containing Category X licensed code.
> 8 Docker releases containing unreleased/unapproved code.
> 9. Trademark and branding issues with PiPy and Docker releases. 
> 10. Trademark and brand issues with naming of releases. 
> 11. Developer releases available to users and public searchable 
> https://repo.mxnet.io / https://dist.mxnet.io
> 12. Releases and other nightly builds on https://repo.mxnet.io / 
> https://dist.mxnet.io containing category X licensed code.
> 13. Lack of clarity on all platforms for what is an ASF release and what is 
> not.
> 14. Branding and release of 3rd parties containing unreleased code. (e.g. 
> https://docs.nvidia.com/deeplearning/frameworks/mxnet-release-notes/rel_20-03.html)
> For PiPy see:
> https://pypi.org/project/mxnet/
> For Docker see:
> https://hub.docker.com/u/mxnet
> For web site pages see:
> 

[jira] [Comment Edited] (INCUBATOR-253) Issues with MXNet releases and their distribution

2020-06-21 Thread Justin Mclean (Jira)


[ 
https://issues.apache.org/jira/browse/INCUBATOR-253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17141307#comment-17141307
 ] 

Justin Mclean edited comment on INCUBATOR-253 at 6/21/20, 6:07 AM:
---

Re 1 there was discussion about Category X headers included in the source code. 
2, 4, 13 are seperate issues. For the trade marks issue you cannot call a 
release  "Apache MXNet" if it contains something from category X, but there are 
also separate trademark issues with both the PiPy and Docker download pages. 7 
and 8 are seperate issues. Re 12 a Google search shows these artefacts to users 
to download. I would be of the opinion that nightly builds (or in fact any 
build) created by the PPMC are NOT allowed to have category X licensed code. Re 
category X code in releases I also believe there was multiple category X issues 
including one with Intel and one with CUDA.

The board or Incubator PMC is unlikely to search though GitHub issues to see 
what is being done, but they would look at your mailing list(s) for discussion 
about these items. I don't see any discussion about changing the CUDA license 
or what's involved there. Is this conversation taking place and if so where?

It's up to PPMC to correct these issues. At some point the project needs to do 
this for itself and shows it understand ASF policy before it can graduate. So 
it would be great if the project can gp ahead and do this on it own and show 
it's making progress towards that goal. However if you need help please ask 
your mentors or if for some reason they can't help then bring it up here or on 
the general@ or relevant mailing list.




was (Author: jmclean):
Re 1 there was discussion about Category X headers included in the source code. 
2, 4, 13 are seperate issues. For the trade marks issue you cannot call a 
release  "Apache MXNet" if it contains something from category X, but there are 
also separate trademark issues with both the PiPy and Docker download pages. 7 
and 8 are seperate issues. Re 12 a Google search shows these artefacts to users 
to download. I would be of the opinion that nightly builds (or in fact any 
build) created by the PPMC are NOT allowed to have category X licensed code. Re 
category X code in releases I also believe there was multiple category X issues 
including one with Intel and one with CUDA.

The board or Incubator PMC is unlikely to search though GitHub issues to see 
what is being done, but they would look at your mailing list(s) for discussion 
about these items. I don't see any discussion about changing the CUDA license 
or what's involved there. Is this conversation taking place and if so where?

It's up to PPMC to correct these issues. At some point the project needs to do 
this for itself and shows it understand ASF policy before it can graduate. So 
it would be great if the project can how ahead and do this on it own and show 
it's making progress towards that goal. However if you need help please ask 
your mentors or if for some reason they can't help then bring it up here or on 
the general@ or relevant mailing list.



> Issues with MXNet releases and their distribution
> -
>
> Key: INCUBATOR-253
> URL: https://issues.apache.org/jira/browse/INCUBATOR-253
> Project: Incubator
>  Issue Type: Improvement
>Reporter: Justin Mclean
>Assignee: Justin Mclean
>Priority: Major
>
> The main issues are:
> 1. Source and convenance binary releases containing Category X licensed code.
> 2. Website giving access to downloads of non released/unapproved code.
> 3. Website giving access to releases containing Category X licensed code.
> 4. Web site doesn't given enough warning to users of the issues with non 
> (P)PMC releases or making it clear that these are not ASF releases.
> 5. Maven releases containing Category X licensed code.
> 6. PiPy releases containing Category X licensed code.
> 7. Docker releases containing Category X licensed code.
> 8 Docker releases containing unreleased/unapproved code.
> 9. Trademark and branding issues with PiPy and Docker releases. 
> 10. Trademark and brand issues with naming of releases. 
> 11. Developer releases available to users and public searchable 
> https://repo.mxnet.io / https://dist.mxnet.io
> 12. Releases and other nightly builds on https://repo.mxnet.io / 
> https://dist.mxnet.io containing category X licensed code.
> 13. Lack of clarity on all platforms for what is an ASF release and what is 
> not.
> For PiPy see:
> https://pypi.org/project/mxnet/
> For Docker see:
> https://hub.docker.com/u/mxnet
> For web site pages see:
> https://mxnet.apache.org/get_started?
> https://mxnet.apache.org/get_started/download
> I may of missed something, if so please add it.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)


[jira] [Comment Edited] (INCUBATOR-253) Issues with MXNet releases and their distribution

2020-06-20 Thread Sheng Zha (Jira)


[ 
https://issues.apache.org/jira/browse/INCUBATOR-253?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17141273#comment-17141273
 ] 

Sheng Zha edited comment on INCUBATOR-253 at 6/21/20, 3:18 AM:
---

Yes, I'm aware and I am updating that issue to reflect them. Also, we obviously 
missed some issues and I want to make sure that this doesn't happen again, so 
it would be great if you could help link to the existing previous discussions 
on each of the issues you listed above so that we could conduct a retrospect.

> It's been serval months now since the project has been aware of most of these 
> issues

We just started realizing the issues as we recently initiate license reviews 
for binary release as part of https://issues.apache.org/jira/browse/LEGAL-515, 
https://issues.apache.org/jira/browse/LEGAL-516 both of which we initiated in 
May. Please don't make it sound as if it's intentional procrastination from us.

With respect to visibility to the board, I assume they can access the GitHub 
issues. Alternatively, I can paste back a weekly update on the status here.


was (Author: zhasheng):
Yes, I'm aware and I am updating that issue to reflect them. Also, we obviously 
missed some issues and I want to make sure that this doesn't happen again, so 
it would be great if you could help link to the existing previous discussions 
on each of the issues you listed above so that we could conduct a retrospect.

With respect to visibility to the board, I assume they can access the GitHub 
issues. Alternatively, I can paste back a weekly update on the status here.

> Issues with MXNet releases and their distribution
> -
>
> Key: INCUBATOR-253
> URL: https://issues.apache.org/jira/browse/INCUBATOR-253
> Project: Incubator
>  Issue Type: Improvement
>Reporter: Justin Mclean
>Assignee: Justin Mclean
>Priority: Major
>
> The main issues are:
> 1. Source and convenance binary releases containing Category X licensed code.
> 2. Website giving access to downloads of non released/unapproved code.
> 3. Website giving access to releases containing Category X licensed code.
> 4. Web site doesn't given enough warning to users of the issues with non 
> (P)PMC releases or making it clear that these are not ASF releases.
> 5. Maven releases containing Category X licensed code.
> 6. PiPy releases containing Category X licensed code.
> 7. Docker releases containing Category X licensed code.
> 8 Docker releases containing unreleased/unapproved code.
> 9. Trademark and branding issues with PiPy and Docker releases. 
> 10. Trademark and brand issues with naming of releases. 
> 11. Developer releases available to users and public searchable 
> https://repo.mxnet.io / https://dist.mxnet.io
> 12. Releases and other nightly builds on https://repo.mxnet.io / 
> https://dist.mxnet.io containing category X licensed code.
> 13. Lack of clarity on all platforms for what is an ASF release and what is 
> not.
> For PiPy see:
> https://pypi.org/project/mxnet/
> For Docker see:
> https://hub.docker.com/u/mxnet
> For web site pages see:
> https://mxnet.apache.org/get_started?
> https://mxnet.apache.org/get_started/download
> I may of missed something, if so please add it.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org