FYI, I've opened https://issues.apache.org/jira/browse/BEAM-4393 to track
this work and marked it as a 2.5.0 release blocker.

On Wed, May 23, 2018 at 9:15 AM Andrew Pilloud <apill...@google.com> wrote:

> I generated the list of jars to check using the following search:
>
> grep 'include(dependency(' $(find . -name 'build.gradle')
>
>
> Andrew
>
> On Tue, May 22, 2018 at 7:33 PM Kenneth Knowles <k...@google.com> wrote:
>
>> Did you look through all our jars or is that just a sample?
>>
>> Kenn
>>
>> On Tue, May 22, 2018 at 7:22 PM Davor Bonaci <da...@apache.org> wrote:
>>
>>> This analysis looks correct. Great find!
>>>
>>> The recommended fix would be different. I'd suggest appending this
>>> sentence to the end of the LICENSE file: "A part of several convenience
>>> binary distributions of this software is licensed as follows", followed by
>>> the full license text (including its copyright, clauses and disclaimer) --
>>> for each such case separately. Don't edit the NOTICE file.
>>>
>>> I'd suggest keeping things simple: no per-artifact license/notice, etc.
>>> Just two project-wide files, but I'd suggest including it/attaching it
>>> "everywhere". Opinions on this part may vary, but, for me, "everywhere"
>>> includes every jar file.
>>>
>>> Standard disclaimers apply.
>>>
>>> Any volunteers? Thanks so much!
>>>
>>> On Tue, May 22, 2018 at 4:02 PM, Andrew Pilloud <apill...@google.com>
>>> wrote:
>>>
>>>> Here is what I think might be missing:
>>>>
>>>> (1) what artifacts are impacted and where are they distributed
>>>>
>>>>
>>>> http://central.maven.org/maven2/org/apache/beam/beam-sdks-java-core/2.4.0/beam-sdks-java-core-2.4.0.jar
>>>>
>>>> http://central.maven.org/maven2/org/apache/beam/beam-runners-direct-java/2.4.0/beam-runners-direct-java-2.4.0.jar
>>>>
>>>> http://central.maven.org/maven2/org/apache/beam/beam-sdks-java-harness/2.4.0/beam-sdks-java-harness-2.4.0.jar
>>>>
>>>> http://central.maven.org/maven2/org/apache/beam/beam-sdks-java-extensions-sql/2.4.0/beam-sdks-java-extensions-sql-2.4.0.jar
>>>>
>>>> (2) the external dependency being distributed
>>>>
>>>> beam-sdks-java-core: protobuf
>>>> beam-runners-direct-java: protobuf
>>>> beam-runners-direct-java: jsr-305
>>>> beam-sdks-java-extensions-sql: janino-compiler
>>>>
>>>> (3) license and/or term not adhered to
>>>>
>>>> BSD 3 Clause: Redistributions in binary form must reproduce the above
>>>> copyright notice, this list of conditions and the following disclaimer in
>>>> the documentation and/or other materials provided with the distribution.
>>>>
>>>> (4) any proposed fix
>>>>
>>>> NOTICE file in the jar.
>>>>
>>>> I am not a lawyer, this is not legal advice.
>>>>
>>>> On Tue, May 22, 2018 at 2:55 PM Davor Bonaci <da...@apache.org> wrote:
>>>>
>>>>> Thanks for the report!
>>>>>
>>>>> Could you please comment more as to: (1) what artifacts are impacted
>>>>> and where are they distributed, (2) the external dependency being
>>>>> distributed, (3) license and/or term not adhered to, and (4) any proposed
>>>>> fix?
>>>>>
>>>>> Any such information would be helpful in triaging the problem --
>>>>> thanks so much!
>>>>>
>>>>> (If confirmed, this would be release blocking.)
>>>>>
>>>>> On Tue, May 22, 2018 at 2:37 PM, Lukasz Cwik <lc...@google.com> wrote:
>>>>>
>>>>>> Does it have to be part of the jar or is it good enough to be part of
>>>>>> the sources jar (as 2.4.0 had it part of the
>>>>>> beam-parent-2.4.0-source.zip
>>>>>> <http://central.maven.org/maven2/org/apache/beam/beam-parent/2.4.0/beam-parent-2.4.0-source.zip>
>>>>>> )?
>>>>>>
>>>>>> On Tue, May 22, 2018 at 11:16 AM Andrew Pilloud <apill...@google.com>
>>>>>> wrote:
>>>>>>
>>>>>>> I was digging around in the SQL jar trying to debug some packaging
>>>>>>> issues and noticed that we aren't including the copyright notices from
>>>>>>> the packages we are shading. I also looked at our previously released
>>>>>>> jars and they are the same (so this isn't a regression). Should we be
>>>>>>> including the copyright notice from packages we are redistributing?
>>>>>>>
>>>>>>> Andrew
>>>>>>>
>>>>>>
>>>>>
>>>
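
An added example, not part of the thread and not Beam's own code: a Python check for the gap Andrew describes (third-party classes bundled in a jar with no license text beside them), using the LICENSE wording Davor proposes as the marker. The path fragments, the relocation prefix and the sample jars are constructed assumptions; real values come from each module's build.gradle.

```python
import io
import zipfile

# Sentence the thread proposes appending to LICENSE ahead of each bundled license text.
BUNDLED_MARKER = ("A part of several convenience binary distributions "
                  "of this software is licensed as follows")

# Assumption: class-path fragments that identify the dependencies named in the thread.
# "javax/annotation/" is a weak hint, since other artifacts use that package too.
BUNDLED_HINTS = {
    "protobuf": "com/google/protobuf/",
    "jsr-305": "javax/annotation/",
    "janino-compiler": "org/codehaus/janino/",
}

def audit_jar(jar_bytes):
    """Return (sorted bundled dependency names, True if META-INF/LICENSE has the marker)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = jar.namelist()
        bundled = sorted(dep for dep, frag in BUNDLED_HINTS.items()
                         if any(frag in n and n.endswith(".class") for n in names))
        text = ""
        if "META-INF/LICENSE" in names:
            text = jar.read("META-INF/LICENSE").decode("utf-8", "replace")
    # Collapse whitespace so a line-wrapped LICENSE still matches the marker.
    return bundled, BUNDLED_MARKER in " ".join(text.split())

def needs_fix(jar_bytes):
    """A jar needs attention when it bundles a dependency but lacks the license section."""
    bundled, has_marker = audit_jar(jar_bytes)
    return bool(bundled) and not has_marker

def make_jar(entries):
    """Build a constructed in-memory jar from {path: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path, data in entries.items():
            jar.writestr(path, data)
    return buf.getvalue()

# Constructed sample jars (not real Beam artifacts); the relocation prefix is hypothetical.
SHADED_CLASS = "org/example/repackaged/com/google/protobuf/Message.class"
SHADED_NO_LICENSE = make_jar({SHADED_CLASS: b"\xca\xfe\xba\xbe",
                              "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})
SHADED_WITH_LICENSE = make_jar({
    SHADED_CLASS: b"\xca\xfe\xba\xbe",
    "META-INF/LICENSE": (BUNDLED_MARKER.replace("binary ", "binary\n")
                         + ":\n\n<full license text placeholder>\n").encode()})

if __name__ == "__main__":
    for label, jar in [("no LICENSE", SHADED_NO_LICENSE), ("LICENSE", SHADED_WITH_LICENSE)]:
        print(label, audit_jar(jar), "needs fix:", needs_fix(jar))
```

The check only confirms the section header is present; whether the full license text that follows is complete still needs a human read.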
