That sounds like a reasonable idea to me. If Ate is right that this usually takes several releases to get correct, it could be a really long time before we have binaries fully ready to go. This release has already taken months longer than expected; let's have a source-only release for now so we can continue moving forward.
Ceej aka Chris Hillery On Oct 8, 2015 1:15 PM, "Till Westmann" <[email protected]> wrote: > Would it also be an option to > a) release the current release in source-only form, > b) not advertise/distribute the binaries for now, and > c) fix this for the next release? > > Right now we have zero AsterixDB releases at the ASF and that way > we could have one that people have to build on their own (which is > the usual way at the ASF and no rocket science for any developer). > Also, I think that individual developer can still build a binary and > give it to someone for testing, it’s just not an ASF artifact at > that point. > > Thoughts/Concerns? > > Cheers, > Till > > > On 7 Oct 2015, at 15:49, Ian Maxon wrote: > > I see, thank you for the very detailed analysis Ate. I think we will have >> to fix all of the binary assemblies to conform. What's in Maven is >> important, as well as the bundled zips and such. Our usual method of >> distribution to end-users is via those bundled zips, rather than source. >> In >> fact we actually had to add the source assembly specifically for voting, >> typically developers or folks who need special patches simply check out >> from git. >> More info/updates to come as I dig into how to coax maven into doing this >> nicely... >> >> Thanks again, >> -Ian >> >> On Wed, Oct 7, 2015 at 3:24 PM, Ate Douma <[email protected]> wrote: >> >> Hi team, >>> >>> I either can +1 or -1 this release candidate, depending on if the staged >>> maven repository provided artifacts are also intended to be >>> distributed... >>> >>> For just the source release (like for the Hyracks release), I think it is >>> good to go, so +1 for that. >>> >>> But for the binary artifacts in the Maven repo, it is definitely a -1. >>> >>> So either you'll drop/skip releasing to the Maven repo for this time, and >>> then you might be good (pending possible feedback from others), or this >>> vote better be cancelled and prepare for a lot of work to get this fixed >>> first... >>> >>> As I already mentioned on the Hyracks release candidate: LICENSE, NOTICE >>> and DISCLAIMER requirements apply to all released/distributed artifacts. >>> As such, all the build artifacts in the Maven repository also have to >>> contain and provide these... >>> Please check again the requirements for binary (re)distributions here: >>> >>> http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bundled >>> http://www.apache.org/dev/licensing-howto.html#deps-of-deps >>> http://www.apache.org/dev/licensing-howto.html#binary >>> >>> And in general everything on whole page. >>> >>> Some of the Maven repo jars already do have the 'verbatim' Apache LICENSE >>> and NOTICE files, but none provide the Incubator DISCLAIMER, which in >>> addition to the above rules also is required for every distribution from >>> the Incubator. >>> >>> And some others jars don't even bundle a LICENSE and NOTICE file like >>> asterix-common-0.8.7-incubating.jar (there are possibly more, I didn't >>> check each and every one). >>> >>> And besides this, aggregating distributions like all .zip|.tar etc. files >>> contain none of these files. Including module -source-release.zip files >>> like asterix-events-0.8.7-incubating-source-release.zip and the -demo.zip >>> files. >>> >>> All of these artifacts when released/distributed have to comply to the >>> above rules. >>> Which most definitely isn't a trivial task to comply with and typically >>> takes several iterations to get right... Painful yes, but necessary. >>> Once setup and configured properly though, thereafter it usually doesn't >>> require a lot of work to keep it up to date. >>> >>> But getting it right the first time will. >>> Just saying so that you'll all be aware this isn't something likely >>> fixable in a few minutes or even hours... >>> >>> Two important things to keep in mind: >>> - LICENSE and NOTICE files must be tailored specifically to the >>> distribution containing them, providing attribution to what the >>> distribution contains, but nothing more. >>> For example 3rd party embedded sources like JQuery require license >>> attribution, but NOT in artifacts NOT embedding them. >>> So the asterix-app should indeed mention this in the LICENSE file in its >>> jar AND -binary-assembly.zip, but for example the asterix-algebra jar >>> should NOT. >>> - Distributions bundling other distributions must aggregate possible >>> LICENSE and NOTICE attributions of those other distributions within their >>> main LICENSE and NOTICE file. >>> So for example, the LICENSE and NOTICE files in the asterix-app >>> binary-assembly.zip must aggregate those from the bundled/embedded >>> asterix-app *jar*. >>> And further more, as the binary-assembly.zip bundles many other, >>> including 3rd party, jars, their LICENSE and/or NOTICE attributions needs >>> to be aggregated as well (when needed, which depends on the particular >>> LICENSE and/or NOTICE). Including possible other licenses applicable to >>> those bundled jars (or whatever bundled bits). >>> And for aggregates of aggregates, like the asterix-installer >>> binary-assembly.zip, this has to be done 'transitively'. Yeah, a lot of >>> work indeed. >>> >>> I also like to refer back to the [DISCUSS] mail I send earlier on the >>> Hyracks release candidate, where I already indicated this to become >>> critical when releasing binary artifacts. >>> And to a few suggestions I gave then like configuring the >>> apache-incubator-disclaimer-resource-bundle to ensure the DISCLAIMER file >>> will automatically added to all generated jars (but not in assembled >>> artifacts). >>> And to leverage automatic *appending* specific LICENSE/NOTICE file >>> fragments for specific modules which embed 3rd party resources, via >>> src/main/appended-resources/META-INF/LICENSE and/or ./NOTICE files. >>> >>> I'm happy to try help out if this raises questions (and I expect it >>> will), >>> but that'll be more practical to do case by case. >>> Trying to write down such 'guidelines' generically typically just leads >>> to >>> more confusion :) >>> >>> Kind regards, >>> Ate >>> >>> >>> On 2015-10-05 22:16, Ian Maxon wrote: >>> >>> Hi everyone, >>>> >>>> Please verify and vote on the first full Apache AsterixDB release! >>>> This candidate addresses some of the differences that were noticed >>>> between the tagged commit in git and the source packaging. >>>> >>>> The tag to be voted on is >>>> >>>> asterix-0.8.7-incubating >>>> commit : d2e1e89cfdf39e2b772dff2600913bb79644a380 >>>> link: >>>> >>>> https://git-wip-us.apache.org/repos/asf?p=incubator-asterixdb.git;a=tag;h=refs/tags/asterix-0.8.7-incubating >>>> >>>> The artifacts, md5s, and signatures are at: >>>> >>>> >>>> >>>> https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip >>>> >>>> >>>> https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip.asc >>>> >>>> >>>> https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip.md5 >>>> >>>> >>>> https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip.sha1 >>>> >>>> MD5: 7330e6d6c2dd691ae3ab6a641e4d5344 >>>> SHA1: bf0b4a2ceaa26bcf1fcda33fee1ba227e31a88ba >>>> >>>> Additionally, a staged maven repository is available at: >>>> >>>> https://repository.apache.org/content/repositories/orgapacheasterix-1014/ >>>> >>>> The KEYS file containing the PGP keys used to sign the release can be >>>> found at >>>> >>>> https://dist.apache.org/repos/dist/release/incubator/asterixdb/KEYS >>>> >>>> RAT was executed as part of Maven via the RAT maven plugin, as well as >>>> manually, but it >>>> excludes the following paths: >>>> >>>> .*\.adm >>>> .*\.aql >>>> .*\.cleaned >>>> .*\.csv >>>> .*\.csv.cr >>>> .*\.csv.crlf >>>> .*\.csv.lf >>>> .*\.ddl >>>> .*\.dot >>>> .*\.hcli >>>> .*\.iml >>>> .*\.json >>>> .*\.out >>>> .*\.plan >>>> .*\.ps >>>> .*\.scm >>>> .*\.tbl >>>> .*\.tbl\.big >>>> .*\.tsv >>>> .*\.txt >>>> .*large_text >>>> .*part-00000 >>>> .*part-00001 >>>> >>>> .*\.goutputstream-YQMB2V >>>> .*02-fuzzy-select >>>> .*LockRequestFile >>>> .*hosts >>>> .*id_rsa >>>> .*known_hosts >>>> >>>> .*bottle.py >>>> .*geostats.js >>>> .*jquery.autosize-min.js >>>> .*jquery.min.js >>>> .*rainbowvis.js >>>> .*smoothie.js >>>> >>>> >>>> These files either are either data for tests, procedurally generated, >>>> or source files which come without a header mentioning their license, >>>> but have an explicit reference in the LICENSE file. >>>> >>>> The complete RAT report is available at: >>>> >>>> >>>> https://gist.githubusercontent.com/westmann/b6ed4b25bea44adcd526/raw/be93ff0c1d13c2ce7c88a2b713ace130b5e7ef5f/gistfile1.txt >>>> >>>> The vote is open for 72 hours, or until the necessary number of votes >>>> (3 +1) has been reached. >>>> >>>> Please vote >>>> [ ] +1 release this package as Apache AsterixDB 0.8.7-incubating >>>> [ ] 0 No strong feeling either way >>>> [ ] -1 do not release this package because ... >>>> >>>> Thanks! >>>> -Ian >>>> >>>> >>>> >>>
