Could we continue to provide those binary artifacts as "unofficial" releases via our own website?
Ceej aka Chris Hillery On Oct 8, 2015 1:40 PM, "Ian Maxon" <[email protected]> wrote: > Hm, alright, if that's something that seems valuable, then I'm OK with it. > I suppose my eyes were set on getting the asterix-installer and > asterix-yarn packagings out, since that's usually what end-users are > downloading first. It is true that this has taken a lot longer than I think > anyone would've liked. > > -Ian > > On Thu, Oct 8, 2015 at 1:25 PM, Chris Hillery <[email protected]> > wrote: > > > That sounds like a reasonable idea to me. If Ate is right that this > usually > > takes several releases to get correct, it could be a really long time > > before we have binaries fully ready to go. This release has already taken > > months longer than expected; let's have a source-only release for now so > we > > can continue moving forward. > > > > Ceej > > aka Chris Hillery > > On Oct 8, 2015 1:15 PM, "Till Westmann" <[email protected]> wrote: > > > > > Would it also be an option to > > > a) release the current release in source-only form, > > > b) not advertise/distribute the binaries for now, and > > > c) fix this for the next release? > > > > > > Right now we have zero AsterixDB releases at the ASF and that way > > > we could have one that people have to build on their own (which is > > > the usual way at the ASF and no rocket science for any developer). > > > Also, I think that individual developer can still build a binary and > > > give it to someone for testing, it’s just not an ASF artifact at > > > that point. > > > > > > Thoughts/Concerns? > > > > > > Cheers, > > > Till > > > > > > > > > On 7 Oct 2015, at 15:49, Ian Maxon wrote: > > > > > > I see, thank you for the very detailed analysis Ate. I think we will > have > > >> to fix all of the binary assemblies to conform. What's in Maven is > > >> important, as well as the bundled zips and such. Our usual method of > > >> distribution to end-users is via those bundled zips, rather than > source. > > >> In > > >> fact we actually had to add the source assembly specifically for > voting, > > >> typically developers or folks who need special patches simply check > out > > >> from git. > > >> More info/updates to come as I dig into how to coax maven into doing > > this > > >> nicely... > > >> > > >> Thanks again, > > >> -Ian > > >> > > >> On Wed, Oct 7, 2015 at 3:24 PM, Ate Douma <[email protected]> wrote: > > >> > > >> Hi team, > > >>> > > >>> I either can +1 or -1 this release candidate, depending on if the > > staged > > >>> maven repository provided artifacts are also intended to be > > >>> distributed... > > >>> > > >>> For just the source release (like for the Hyracks release), I think > it > > is > > >>> good to go, so +1 for that. > > >>> > > >>> But for the binary artifacts in the Maven repo, it is definitely a > -1. > > >>> > > >>> So either you'll drop/skip releasing to the Maven repo for this time, > > and > > >>> then you might be good (pending possible feedback from others), or > this > > >>> vote better be cancelled and prepare for a lot of work to get this > > fixed > > >>> first... > > >>> > > >>> As I already mentioned on the Hyracks release candidate: LICENSE, > > NOTICE > > >>> and DISCLAIMER requirements apply to all released/distributed > > artifacts. > > >>> As such, all the build artifacts in the Maven repository also have to > > >>> contain and provide these... > > >>> Please check again the requirements for binary (re)distributions > here: > > >>> > > >>> > http://www.apache.org/dev/licensing-howto.html#bundled-vs-non-bundled > > >>> http://www.apache.org/dev/licensing-howto.html#deps-of-deps > > >>> http://www.apache.org/dev/licensing-howto.html#binary > > >>> > > >>> And in general everything on whole page. > > >>> > > >>> Some of the Maven repo jars already do have the 'verbatim' Apache > > LICENSE > > >>> and NOTICE files, but none provide the Incubator DISCLAIMER, which in > > >>> addition to the above rules also is required for every distribution > > from > > >>> the Incubator. > > >>> > > >>> And some others jars don't even bundle a LICENSE and NOTICE file like > > >>> asterix-common-0.8.7-incubating.jar (there are possibly more, I > didn't > > >>> check each and every one). > > >>> > > >>> And besides this, aggregating distributions like all .zip|.tar etc. > > files > > >>> contain none of these files. Including module -source-release.zip > files > > >>> like asterix-events-0.8.7-incubating-source-release.zip and the > > -demo.zip > > >>> files. > > >>> > > >>> All of these artifacts when released/distributed have to comply to > the > > >>> above rules. > > >>> Which most definitely isn't a trivial task to comply with and > typically > > >>> takes several iterations to get right... Painful yes, but necessary. > > >>> Once setup and configured properly though, thereafter it usually > > doesn't > > >>> require a lot of work to keep it up to date. > > >>> > > >>> But getting it right the first time will. > > >>> Just saying so that you'll all be aware this isn't something likely > > >>> fixable in a few minutes or even hours... > > >>> > > >>> Two important things to keep in mind: > > >>> - LICENSE and NOTICE files must be tailored specifically to the > > >>> distribution containing them, providing attribution to what the > > >>> distribution contains, but nothing more. > > >>> For example 3rd party embedded sources like JQuery require license > > >>> attribution, but NOT in artifacts NOT embedding them. > > >>> So the asterix-app should indeed mention this in the LICENSE file in > > its > > >>> jar AND -binary-assembly.zip, but for example the asterix-algebra jar > > >>> should NOT. > > >>> - Distributions bundling other distributions must aggregate possible > > >>> LICENSE and NOTICE attributions of those other distributions within > > their > > >>> main LICENSE and NOTICE file. > > >>> So for example, the LICENSE and NOTICE files in the asterix-app > > >>> binary-assembly.zip must aggregate those from the bundled/embedded > > >>> asterix-app *jar*. > > >>> And further more, as the binary-assembly.zip bundles many other, > > >>> including 3rd party, jars, their LICENSE and/or NOTICE attributions > > needs > > >>> to be aggregated as well (when needed, which depends on the > particular > > >>> LICENSE and/or NOTICE). Including possible other licenses applicable > to > > >>> those bundled jars (or whatever bundled bits). > > >>> And for aggregates of aggregates, like the asterix-installer > > >>> binary-assembly.zip, this has to be done 'transitively'. Yeah, a lot > of > > >>> work indeed. > > >>> > > >>> I also like to refer back to the [DISCUSS] mail I send earlier on the > > >>> Hyracks release candidate, where I already indicated this to become > > >>> critical when releasing binary artifacts. > > >>> And to a few suggestions I gave then like configuring the > > >>> apache-incubator-disclaimer-resource-bundle to ensure the DISCLAIMER > > file > > >>> will automatically added to all generated jars (but not in assembled > > >>> artifacts). > > >>> And to leverage automatic *appending* specific LICENSE/NOTICE file > > >>> fragments for specific modules which embed 3rd party resources, via > > >>> src/main/appended-resources/META-INF/LICENSE and/or ./NOTICE files. > > >>> > > >>> I'm happy to try help out if this raises questions (and I expect it > > >>> will), > > >>> but that'll be more practical to do case by case. > > >>> Trying to write down such 'guidelines' generically typically just > leads > > >>> to > > >>> more confusion :) > > >>> > > >>> Kind regards, > > >>> Ate > > >>> > > >>> > > >>> On 2015-10-05 22:16, Ian Maxon wrote: > > >>> > > >>> Hi everyone, > > >>>> > > >>>> Please verify and vote on the first full Apache AsterixDB release! > > >>>> This candidate addresses some of the differences that were noticed > > >>>> between the tagged commit in git and the source packaging. > > >>>> > > >>>> The tag to be voted on is > > >>>> > > >>>> asterix-0.8.7-incubating > > >>>> commit : d2e1e89cfdf39e2b772dff2600913bb79644a380 > > >>>> link: > > >>>> > > >>>> > > > https://git-wip-us.apache.org/repos/asf?p=incubator-asterixdb.git;a=tag;h=refs/tags/asterix-0.8.7-incubating > > >>>> > > >>>> The artifacts, md5s, and signatures are at: > > >>>> > > >>>> > > >>>> > > >>>> > > > https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip > > >>>> > > >>>> > > >>>> > > > https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip.asc > > >>>> > > >>>> > > >>>> > > > https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip.md5 > > >>>> > > >>>> > > >>>> > > > https://dist.apache.org/repos/dist/dev/incubator/asterixdb/asterix-0.8.7-incubating-source-release.zip.sha1 > > >>>> > > >>>> MD5: 7330e6d6c2dd691ae3ab6a641e4d5344 > > >>>> SHA1: bf0b4a2ceaa26bcf1fcda33fee1ba227e31a88ba > > >>>> > > >>>> Additionally, a staged maven repository is available at: > > >>>> > > >>>> > > > https://repository.apache.org/content/repositories/orgapacheasterix-1014/ > > >>>> > > >>>> The KEYS file containing the PGP keys used to sign the release can > be > > >>>> found at > > >>>> > > >>>> https://dist.apache.org/repos/dist/release/incubator/asterixdb/KEYS > > >>>> > > >>>> RAT was executed as part of Maven via the RAT maven plugin, as well > as > > >>>> manually, but it > > >>>> excludes the following paths: > > >>>> > > >>>> .*\.adm > > >>>> .*\.aql > > >>>> .*\.cleaned > > >>>> .*\.csv > > >>>> .*\.csv.cr > > >>>> .*\.csv.crlf > > >>>> .*\.csv.lf > > >>>> .*\.ddl > > >>>> .*\.dot > > >>>> .*\.hcli > > >>>> .*\.iml > > >>>> .*\.json > > >>>> .*\.out > > >>>> .*\.plan > > >>>> .*\.ps > > >>>> .*\.scm > > >>>> .*\.tbl > > >>>> .*\.tbl\.big > > >>>> .*\.tsv > > >>>> .*\.txt > > >>>> .*large_text > > >>>> .*part-00000 > > >>>> .*part-00001 > > >>>> > > >>>> .*\.goutputstream-YQMB2V > > >>>> .*02-fuzzy-select > > >>>> .*LockRequestFile > > >>>> .*hosts > > >>>> .*id_rsa > > >>>> .*known_hosts > > >>>> > > >>>> .*bottle.py > > >>>> .*geostats.js > > >>>> .*jquery.autosize-min.js > > >>>> .*jquery.min.js > > >>>> .*rainbowvis.js > > >>>> .*smoothie.js > > >>>> > > >>>> > > >>>> These files either are either data for tests, procedurally > generated, > > >>>> or source files which come without a header mentioning their > license, > > >>>> but have an explicit reference in the LICENSE file. > > >>>> > > >>>> The complete RAT report is available at: > > >>>> > > >>>> > > >>>> > > > https://gist.githubusercontent.com/westmann/b6ed4b25bea44adcd526/raw/be93ff0c1d13c2ce7c88a2b713ace130b5e7ef5f/gistfile1.txt > > >>>> > > >>>> The vote is open for 72 hours, or until the necessary number of > votes > > >>>> (3 +1) has been reached. > > >>>> > > >>>> Please vote > > >>>> [ ] +1 release this package as Apache AsterixDB 0.8.7-incubating > > >>>> [ ] 0 No strong feeling either way > > >>>> [ ] -1 do not release this package because ... > > >>>> > > >>>> Thanks! > > >>>> -Ian > > >>>> > > >>>> > > >>>> > > >>> > > >
