Hi Sean and Wendell, I share your concerns about how difficult and important it is to get this right. I think that the Spark community has compiled a very readable and well organized NOTICE file. A lot of careful thought went into gathering together 3rd party projects which share the same license text.
All I can offer is my own experience of having served as a release manager for a sister Apache project (Derby) over the past ten years. The Derby NOTICE file recites 3rd party licenses verbatim. This is also the approach taken by the THIRDPARTYLICENSEREADME.txt in the JDK. I am not a lawyer. However, I have great respect for the experience and legal sensitivities of the people who compile that JDK license file. Under your guidance, I would be happy to help compile a NOTICE file which follows the pattern used by Derby and the JDK. This effort might proceed in parallel with vetting 1.5.1 and could be targeted at a later release vehicle. I don't think that the ASF's exposure is greatly increased by one more release which follows the old pattern. Another comment inline... Patrick Wendell <pwend...@gmail.com> wrote on 09/24/2015 10:24:25 AM: > From: Patrick Wendell <pwend...@gmail.com> > To: Sean Owen <so...@cloudera.com> > Cc: Richard Hillegas/San Francisco/IBM@IBMUS, "dev@spark.apache.org" > <dev@spark.apache.org> > Date: 09/24/2015 10:24 AM > Subject: Re: [VOTE] Release Apache Spark 1.5.1 (RC1) > > Hey Richard, > > My assessment (just looked before I saw Sean's email) is the same as > his. The NOTICE file embeds other projects' licenses. This may be where our perspectives diverge. I did not find those licenses embedded in the NOTICE file. As I see it, the licenses are cited but not included. Thanks, -Rick > If those > licenses themselves have pointers to other files or dependencies, we > don't embed them. I think this is standard practice. > > - Patrick > > On Thu, Sep 24, 2015 at 10:00 AM, Sean Owen <so...@cloudera.com> wrote: > > Hi Richard, those are messages reproduced from other projects' NOTICE > > files, not created by Spark. They need to be reproduced in Spark's > > NOTICE file to comply with the license, but their text may or may not > > apply to Spark's distribution. The intent is that users would track > > this back to the source project if interested to investigate what the > > upstream notice is about. > > > > Requirements vary by license, but I do not believe there is additional > > requirement to reproduce these other files. Their license information > > is already indicated in accordance with the license terms. > > > > What licenses are you looking for in LICENSE that you believe > should be there? > > > > Getting all this right is both difficult and important. I've made some > > efforts over time to strictly comply with the Apache take on > > licensing, which is at http://www.apache.org/legal/resolved.html It's > > entirely possible there's still a mistake somewhere in here (possibly > > a new dependency, etc). Please point it out if you see such a thing. > > > > But so far what you describe is "working as intended", as far as I > > know, according to Apache. > > > > > > On Thu, Sep 24, 2015 at 5:52 PM, Richard Hillegas > <rhil...@us.ibm.com> wrote: > >> -1 (non-binding) > >> > >> I was able to build Spark cleanly from the source distribution using the > >> command in README.md: > >> > >> build/mvn -DskipTests clean package > >> > >> However, while I was waiting for the build to complete, I started going > >> through the NOTICE file. I was confused about where to find > licenses for 3rd > >> party software bundled with Spark. About halfway through the NOTICE file, > >> starting with Java Collections Framework, there is a list of > licenses of the > >> form > >> > >> license/*.txt > >> > >> But there is no license subdirectory in the source distro. I couldn't find > >> the *.txt license files for Java Collections Framework, Base64 Encoder, or > >> JZlib anywhere in the source distro. I couldn't find those files in license > >> subdirectories at the indicated home pages for those projects. (I did find > >> the license for JZLIB somewhere else, however: > >> http://www.jcraft.com/jzlib/LICENSE.txt.) > >> > >> In addition, I couldn't find licenses for those projects in the master > >> LICENSE file. > >> > >> Are users supposed to get licenses from the indicated 3rd party web sites? > >> Those online licenses could change. I would feel more comfortableif the ASF > >> were protected by our bundling the licenses inside our source distros. > >> > >> After looking for those three licenses, I stopped reading the NOTICE file. > >> Maybe I'm confused about how to read the NOTICE file. Where should users > >> expect to find the 3rd party licenses? > >> > >> Thanks, > >> -Rick > >> > >> Reynold Xin <r...@databricks.com> wrote on 09/24/2015 12:27:25 AM: > >> > >>> From: Reynold Xin <r...@databricks.com> > >>> To: "dev@spark.apache.org" <dev@spark.apache.org> > >>> Date: 09/24/2015 12:28 AM > >>> Subject: [VOTE] Release Apache Spark 1.5.1 (RC1) > >> > >> > >>> > >>> Please vote on releasing the following candidate as Apache Spark > >>> version 1.5.1. The vote is open until Sun, Sep 27, 2015 at 10:00 UTC > >>> and passes if a majority of at least 3 +1 PMC votes are cast. > >>> > >>> [ ] +1 Release this package as Apache Spark 1.5.1 > >>> [ ] -1 Do not release this package because ... > >>> > >>> The release fixes 81 known issues in Spark 1.5.0, listed here: > >>> http://s.apache.org/spark-1.5.1 > >>> > >>> The tag to be voted on is v1.5.1-rc1: > >>> https://github.com/apache/spark/commit/ > >>> 4df97937dbf68a9868de58408b9be0bf87dbbb94 > >>> > >>> The release files, including signatures, digests, etc. can be found at: > >>> http://people.apache.org/~pwendell/spark-releases/spark-1.5.1-rc1-bin/ > >>> > >>> Release artifacts are signed with the following key: > >>> https://people.apache.org/keys/committer/pwendell.asc > >>> > >>> The staging repository for this release (1.5.1) can be found at: > >>> https://repository.apache.org/content/repositories/orgapachespark-1148/ > >>> > >>> The documentation corresponding to this release can be found at: > >>> http://people.apache.org/~pwendell/spark-releases/spark-1.5.1-rc1-docs/ > >>> > >>> ======================================= > >>> How can I help test this release? > >>> ======================================= > >>> If you are a Spark user, you can help us test this release by taking > >>> an existing Spark workload and running on this release candidate, > >>> then reporting any regressions. > >>> > >>> ================================================ > >>> What justifies a -1 vote for this release? > >>> ================================================ > >>> -1 vote should occur for regressions from Spark 1.5.0. Bugs already > >>> present in 1.5.0 will not block this release. > >>> > >>> =============================================================== > >>> What should happen to JIRA tickets still targeting 1.5.1? > >>> =============================================================== > >>> Please target 1.5.2 or 1.6.0. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@spark.apache.org > > For additional commands, e-mail: dev-h...@spark.apache.org > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@spark.apache.org > For additional commands, e-mail: dev-h...@spark.apache.org >
