Good examples of licensing in ASF produced web apps?

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Good examples of licensing in ASF produced web apps?

Roman Shaposhnik-2
Hi!

I advising a podling on producing a binary release that
includes a Java web app (think war file). I wanted to give
them a taste of what TLPs do so I went to the ones that
I knew were generating war files: Oozie and Ranger.
You know the stuff I'm familiar with in Hadoop ecosystem.

What he discovered may shock you! No, but seriously.

Here's what these projects publish on Maven central:

https://search.maven.org/remotecontent?filepath=org/apache/oozie/oozie-webapp/4.3.0/oozie-webapp-4.3.0.war
https://search.maven.org/remotecontent?filepath=org/apache/ranger/security-admin-web/0.7.0/security-admin-web-0.7.0.war

Each of these WAR files:
   1. bundles all sorts of dependancies -- not just the bits coming
    from the project itself

    2. Neither provides a meanigful LICENSE nor NOTICE files.
    The ones under ./WEB-INF/classes/META-INF are stock ones
    and really don't address the binary dependencies bundling

Have we somehow relaxed the requirements for binary artifacts?
I hope not -- and if not -- what are the good examples of web app
projects doing it right?

Thanks,
Roman.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Good examples of licensing in ASF produced web apps?

Tom Barber-3
I don't have any examples, but I don't know of any webapps that don't
bundle dependencies otherwise users are forced to install all the
dependencies by hand into tomcat/common or something. Whether they
dependencies are ASF compatible or not I don't know, but from the peanut
gallery that sounds completely normal.

Tom

On Fri, May 26, 2017 at 10:49 PM, Roman Shaposhnik <[hidden email]> wrote:

> Hi!
>
> I advising a podling on producing a binary release that
> includes a Java web app (think war file). I wanted to give
> them a taste of what TLPs do so I went to the ones that
> I knew were generating war files: Oozie and Ranger.
> You know the stuff I'm familiar with in Hadoop ecosystem.
>
> What he discovered may shock you! No, but seriously.
>
> Here's what these projects publish on Maven central:
>
> https://search.maven.org/remotecontent?filepath=org/
> apache/oozie/oozie-webapp/4.3.0/oozie-webapp-4.3.0.war
> https://search.maven.org/remotecontent?filepath=org/
> apache/ranger/security-admin-web/0.7.0/security-admin-web-0.7.0.war
>
> Each of these WAR files:
>    1. bundles all sorts of dependancies -- not just the bits coming
>     from the project itself
>
>     2. Neither provides a meanigful LICENSE nor NOTICE files.
>     The ones under ./WEB-INF/classes/META-INF are stock ones
>     and really don't address the binary dependencies bundling
>
> Have we somehow relaxed the requirements for binary artifacts?
> I hope not -- and if not -- what are the good examples of web app
> projects doing it right?
>
> Thanks,
> Roman.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


--
Tom Barber
CTO Spicule LTD
[hidden email]

http://spicule.co.uk

@spiculeim <http://twitter.com/spiculeim>

Schedule a meeting with me <http://meetme.so/spicule>

GB: +44(0)5603641316
US: +18448141689

<https://leanpub.com/juju-cookbook>
Reply | Threaded
Open this post in threaded view
|

Re: Good examples of licensing in ASF produced web apps?

Roman Shaposhnik
On Fri, May 26, 2017 at 2:52 PM, Tom Barber <[hidden email]> wrote:
> I don't have any examples, but I don't know of any webapps that don't
> bundle dependencies otherwise users are forced to install all the
> dependencies by hand into tomcat/common or something. Whether they
> dependencies are ASF compatible or not I don't know, but from the peanut
> gallery that sounds completely normal.

Well my podling doesn't -- they manipulate TC classpath to find extra
dependencies.

But that's actually not important -- you're right bundling
dependencies is OK, but
doing that makes it even more important to do proper LICENSE and NOTICE.

The examples I see in Ooize and Ranger are pretty shockingly not doing any of
that.

Thanks,
Roman.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Good examples of licensing in ASF produced web apps?

P. Taylor Goetz


> On May 26, 2017, at 5:54 PM, Roman Shaposhnik <[hidden email]> wrote:
>
> But that's actually not important -- you're right bundling
> dependencies is OK, but
> doing that makes it even more important to do proper LICENSE and NOTICE.

IMO, you hit the nail on the head right there. I would hope the war file would contain both and they reflect the dependencies contained in the war file (as opposed to the official source distribution, which may not).

-Taylor
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Good examples of licensing in ASF produced web apps?

John D. Ament-2
I'll point out that Ranger graduated the incubator with a less than stellar
release history.  [1] is a good example of such problems

Oozie predates me.

But to answer the original question, no, the requirements shouldn't be any
less stringent on WAR files vs other packages, its a closed package that is
hard to look at and needs to indicate everything within it.  While both of
these projects were incubating, they are no longer incubating and you
should follow up with them directly if you want them to fix their licensing.


[1]:
https://lists.apache.org/thread.html/2dda0fef19673055482574d6d7350273bb6db55026ab9f10b4cf461c@%3Cgeneral.incubator.apache.org%3E


On Fri, May 26, 2017 at 6:26 PM P. Taylor Goetz <[hidden email]> wrote:

>
>
> > On May 26, 2017, at 5:54 PM, Roman Shaposhnik <[hidden email]>
> wrote:
> >
> > But that's actually not important -- you're right bundling
> > dependencies is OK, but
> > doing that makes it even more important to do proper LICENSE and NOTICE.
>
> IMO, you hit the nail on the head right there. I would hope the war file
> would contain both and they reflect the dependencies contained in the war
> file (as opposed to the official source distribution, which may not).
>
> -Taylor
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Good examples of licensing in ASF produced web apps?

Roman Shaposhnik
On Fri, May 26, 2017 at 4:37 PM, John D. Ament <[hidden email]> wrote:

> I'll point out that Ranger graduated the incubator with a less than stellar
> release history.  [1] is a good example of such problems
>
> Oozie predates me.
>
> But to answer the original question, no, the requirements shouldn't be any
> less stringent on WAR files vs other packages, its a closed package that is
> hard to look at and needs to indicate everything within it.  While both of
> these projects were incubating, they are no longer incubating and you
> should follow up with them directly if you want them to fix their licensing.

I do -- but that gets me back to my original question -- what example
can I give them?

Seriously -- at this point -- I'm about to go to Maven central and
search for org.apache.*
artifacts with war as packaging and see what comes up in terms of
recent releases.

However, if somebody can spare me this agony -- I'd appreciate it ;-)

Thanks,
Roman.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Good examples of licensing in ASF produced web apps?

John D. Ament-2
On Fri, May 26, 2017 at 7:39 PM Roman Shaposhnik <[hidden email]>
wrote:

> On Fri, May 26, 2017 at 4:37 PM, John D. Ament <[hidden email]>
> wrote:
> > I'll point out that Ranger graduated the incubator with a less than
> stellar
> > release history.  [1] is a good example of such problems
> >
> > Oozie predates me.
> >
> > But to answer the original question, no, the requirements shouldn't be
> any
> > less stringent on WAR files vs other packages, its a closed package that
> is
> > hard to look at and needs to indicate everything within it.  While both
> of
> > these projects were incubating, they are no longer incubating and you
> > should follow up with them directly if you want them to fix their
> licensing.
>
> I do -- but that gets me back to my original question -- what example
> can I give them?
>
> Seriously -- at this point -- I'm about to go to Maven central and
> search for org.apache.*
> artifacts with war as packaging and see what comes up in terms of
> recent releases.
>
> However, if somebody can spare me this agony -- I'd appreciate it ;-)
>
>
I believe Fineract would be a good example.  I don't think they're on maven
central, but you can download them -
https://dist.apache.org/repos/dist/release/fineract/0.6.0-incubating/apache-fineract-0.6.0-incubating-binary.tar.gz

NOTICE/LICENSE in the root of the distribution + the WAR file (in WEB-INF).


> Thanks,
> Roman.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Good examples of licensing in ASF produced web apps?

Felix Meschberger-4
In reply to this post by Roman Shaposhnik-2
Hi Roman

As has been mentioned by others, I would not think there is any relaxation. At the end of the day, it is something we build and distribute. So not having appropriate LICENSE and NOTICE (and probably DEPENDENCIES) is a no-go.

Having said that: The default Maven WAR plugin is just bundling the transitive clousure dependencies of the project, which if you don’t pay attention is half of the internet. JAR hell live.

Apache Sling also distributes WAR files. The difference here is that it is built with a custom-built plugin because essentially Sling only uses the servlet container as a container and manages its own deployment through an OSGi framework.

For example http://www-eu.apache.org/dist/sling/org.apache.sling.launchpad-8-webapp.war

Regards
Felix

Am 26.05.2017 um 23:49 schrieb Roman Shaposhnik <[hidden email]<mailto:[hidden email]>>:

Hi!

I advising a podling on producing a binary release that
includes a Java web app (think war file). I wanted to give
them a taste of what TLPs do so I went to the ones that
I knew were generating war files: Oozie and Ranger.
You know the stuff I'm familiar with in Hadoop ecosystem.

What he discovered may shock you! No, but seriously.

Here's what these projects publish on Maven central:

https://search.maven.org/remotecontent?filepath=org/apache/oozie/oozie-webapp/4.3.0/oozie-webapp-4.3.0.war
https://search.maven.org/remotecontent?filepath=org/apache/ranger/security-admin-web/0.7.0/security-admin-web-0.7.0.war

Each of these WAR files:
  1. bundles all sorts of dependancies -- not just the bits coming
   from the project itself

   2. Neither provides a meanigful LICENSE nor NOTICE files.
   The ones under ./WEB-INF/classes/META-INF are stock ones
   and really don't address the binary dependencies bundling

Have we somehow relaxed the requirements for binary artifacts?
I hope not -- and if not -- what are the good examples of web app
projects doing it right?

Thanks,
Roman.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: Good examples of licensing in ASF produced web apps?

Myrle Krantz-2
In reply to this post by John D. Ament-2
Hey John,

On Sat, May 27, 2017 at 1:42 AM, John D. Ament <[hidden email]> wrote:

> On Fri, May 26, 2017 at 7:39 PM Roman Shaposhnik <[hidden email]>
> wrote:
>>
>> However, if somebody can spare me this agony -- I'd appreciate it ;-)
>>
>>
> I believe Fineract would be a good example.  I don't think they're on maven
> central, but you can download them -
> https://dist.apache.org/repos/dist/release/fineract/0.6.0-incubating/apache-fineract-0.6.0-incubating-binary.tar.gz
>
> NOTICE/LICENSE in the root of the distribution + the WAR file (in WEB-INF).
>

Apache Fineract code does not currently contain a UI.  The Mifos
Initiative did not donate the UI because of licensing issues.  Some
colleagues and I at Kuelap are working on a UI we wish to donate to
the project, but it is not yet under Apache's auspices.

Sorry, I can't be of more help,
Myrle

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Good examples of licensing in ASF produced web apps?

Richard Downer
In reply to this post by Roman Shaposhnik
Hi Roman,

Didn't see this email sooner so I hope you haven't spent two days trawling
Maven Central!

Take a look at Brooklyn. One of our artifacts is a WAR file for the web UI.
Ultimately it's embedded in the final product of the build, but it does
exist as a standalone WAR file so may be useful for your purposes. We spent
a lot of effort making sure that LICENSE and NOTICE are correct for every
individual artifact we produce, and this particular one does have a lengthy
LICENSE thanks to all the embedded binary dependencies.

Take a look at:
https://repo1.maven.org/maven2/org/apache/brooklyn/brooklyn-jsgui/0.11.0/

Hope this helps.

Richard.


On 27 May 2017 at 00:39, Roman Shaposhnik <[hidden email]> wrote:

> On Fri, May 26, 2017 at 4:37 PM, John D. Ament <[hidden email]>
> wrote:
> > I'll point out that Ranger graduated the incubator with a less than
> stellar
> > release history.  [1] is a good example of such problems
> >
> > Oozie predates me.
> >
> > But to answer the original question, no, the requirements shouldn't be
> any
> > less stringent on WAR files vs other packages, its a closed package that
> is
> > hard to look at and needs to indicate everything within it.  While both
> of
> > these projects were incubating, they are no longer incubating and you
> > should follow up with them directly if you want them to fix their
> licensing.
>
> I do -- but that gets me back to my original question -- what example
> can I give them?
>
> Seriously -- at this point -- I'm about to go to Maven central and
> search for org.apache.*
> artifacts with war as packaging and see what comes up in terms of
> recent releases.
>
> However, if somebody can spare me this agony -- I'd appreciate it ;-)
>
> Thanks,
> Roman.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>