[VOTE] Apache DataFu 1.3.3 release RC0

Matthew Hayes-3
The Apache DataFu community has voted on and approved the release of Apache
DataFu 1.3.3 (incubating):

http://mail-archives.apache.org/mod_mbox/incubator-datafu-dev/201801.mbox/%3CCAA4Vo8DpgMgAzbbgAbdKTTqQ0m%3DyK5OLsACLEc8MeK1pwyv1NA%40mail.gmail.com%3E

Results:
3 binding +1 votes
No 0 votes
No -1 votes

I'd like to call a vote in general to approve the release.

The source release candidate RC0 can be downloaded here:

https://dist.apache.org/repos/dist/dev/incubator/datafu/apache-datafu-incubating-1.3.3-rc0/

The artifacts (i.e. JARs) built from 1.3.3 RC0 can be found here:

https://repository.apache.org/content/repositories/orgapachedatafu-1005/

These have been signed with PGP key 7BA4C7DF, corresponding to
[hidden email], which is included in the repository's KEYS file.  This
key can be found on keyservers, such as:

http://pgp.mit.edu/pks/lookup?op=get&search=0x7BA4C7DF

The key is also listed here:

https://people.apache.org/keys/group/datafu.asc

The release candidate has been tagged in git with release-1.3.3-rc0, which
has been signed with the same key.  I've also created a branch 1.3.3.

For reference, here is a list of all closed JIRAs tagged with 1.3.3:

https://issues.apache.org/jira/browse/DATAFU-126?jql=project%20%3D%20DATAFU%20AND%20status%20%3D%20Closed%20AND%20fixVersion%20%3D%201.3.3%20ORDER%20BY%20updated%20DESC%2C%20created%20DESC%2C%20status%20DESC%2C%20priority%20DESC

For a summary of the changes in this release, see:

https://github.com/apache/incubator-datafu/blob/1.3.3/changes.md

This release also addresses feedback from an earlier discussion in general
regarding the SHA-512 file extension being incorrect according to release
distribution guidelines.

Please download the release candidate, check the hashes, check the
signatures, test it, and vote.  The vote will be open for 72 hours.

[ ] +1 approve
[ ] +0 no opinion
[ ] -1 disapprove (and reason why)

Thanks,
Matt, on behalf of the Apache DataFu PPMC

Re: [VOTE] Apache DataFu 1.3.3 release RC0

Justin Mclean
Hi,

Sorry but it’s -1 (binding) from me due to Category X license. Everything else looks good however.

The LICENSE mentions the JSON license which is now category X and cannot be included in or be a dependency of an Apache project. [1] This changed a year ago, and there was a grace period that has since expired. [4]

I checked:
- incubating in name
- signatures and hashes
- DISCLAIMER exists
- LICENSE and NOTICE good
- All files have ASF header
- No unexpected binary files
- Can compile from source

The year in NOTICE needs to be updated.

You may (but it’s not required) want to add bootstrap to your LICENSE file [2] even though it’s Apache licensed, some versions are MIT licensed, so it can be a source of confusion. That may also mean that the glyphicons font is also under apache license not MIT as stated in LICENSE. See the very bottom of three [3] although what that page said when bootstrap v3.0.3 come up I’m not 100% sure.

I also note it only compiles on Java 1.7, might be time to try getting it to work on 1.8?

Thanks,
Justin

1. https://www.apache.org/legal/resolved.html#json
2. apache-datafu-incubating-sources-1.3.3/site/source/stylesheets/bootstrap.css
3. http://glyphicons.com/license/
4. http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201705.mbox/%3C63D25F99-C5D1-4115-816B-477943FF40E3@...%3E
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: [VOTE] Apache DataFu 1.3.3 release RC0

Matthew Hayes-2
Hi Justin,

Thanks for pointing out the json license issue.  I searched the code and
found only a small piece of code that uses it so it shouldn't be hard to
replace with an alternative.  For my understanding, when [1] states "CAN
APACHE PRODUCTS INCLUDE WORKS LICENSED UNDER THE JSON LICENSE?", does
either having the source code in the source release or having a build or
runtime dependency count as "including" the licensed work?  In our case we
have a build+runtime dependency but do not include the source code.

I'll take a look at your bootstrap license suggestion too.

Regarding Java 8, there is a JIRA filed for this [2] with a patch submitted
so it'll probably be taken care of for the next release.

1. https://www.apache.org/legal/resolved.html#json
2. https://issues.apache.org/jira/projects/DATAFU/issues/DATAFU-132



Re: [VOTE] Apache DataFu 1.3.3 release RC0

Justin Mclean
Hi,

> Thanks for pointing out the json license issue.  I searched the code and
> found only a small piece of code that uses it so it shouldn't be hard to
> replace with an alternative.  For my understanding, when [1] states "CAN
> APACHE PRODUCTS INCLUDE WORKS LICENSED UNDER THE JSON LICENSE?", does
> either having the source code in the source release or having a build or
> runtime dependency count as "including" the licensed work?  In our case we
> have a build+runtime dependency but do not include the source code.

Sorry to say but you can’t have a build or runtime dependency and you can’t distribute it [1] unless it’s optional [2].

Thanks,
Justin

1. https://www.apache.org/legal/resolved.html#prohibited
2. https://www.apache.org/legal/resolved.html#optional



Re: [VOTE] Apache DataFu 1.3.3 release RC0

Matthew Hayes-2
Thanks Justin for clarifying.


Re: [VOTE] Apache DataFu 1.3.3 release RC0

Matthew Hayes-2
Justin, regarding the bootstrap and glyphicons licensing points you raised,
there was a github discussion in 2012 [1] [3] that led to the licensing
text in [2] about bootstrap's usage of glyphicons.  This discussion
predates the release of 3.0.3, which we are using.  So you're right that
glyphicons should be considered apache-2.0 licensed because we are using it
from the bootstrap distribution.  I will be updating [4] our LICENSE to
reflect that both bootstrap and glyphicons are apache-2.0 licensed.

[1] https://github.com/twbs/bootstrap/issues/3942#issuecomment-6869818
[2] http://glyphicons.com/license/
[3] https://github.com/twbs/bootstrap/issues/3942#issuecomment-12559146
[4] https://issues.apache.org/jira/projects/DATAFU/issues/DATAFU-134
