Our LICENSE/NOTICE files in the binary distribution may also be botched
(and may have been for quite some time).
As per http://www.apache.org/dev/licensing-howto.html#binary "|[...]
LICENSE| and |NOTICE| must *exactly* represent the contents of the
distribution they reside in.", which also applies to binary
distributions as "/Any redistribution must obey the licensing
requirements of the contents."/
My conclusion is that any dependency bundled in the distribution must be
accounted for in the NOTICE/LICENSE files. Given that we already include
several MIT licenses in the LICENSE file (exclusively WebUI stuff) it
thus follows that at the very least all MIT dependencies should be
listed here.
On 21.11.2018 15:04, Chesnay Schepler wrote:
I may have found a potential blocker while looking at dependencies:
flink-tests now has a non-optional test dependency on oshi-core, which
is licensed under EPL 1.0.
As per https://issues.apache.org/jira/browse/LEGAL-207, test
dependencies are not exempt from license restrictions.
We thus have to make this dependency optional or provide some other
opt-in mechanism for users.
On 20.11.2018 15:30, Till Rohrmann wrote:
Hi everyone,
Please review and vote on the release candidate #2 for the version
1.7.0,
as follows:
[ ] +1, Approve the release
[ ] -1, Do not approve the release (please provide specific comments)
The complete staging area is available for your review, which includes:
* JIRA release notes [1],
* the official Apache source release and binary convenience releases
to be
deployed to dist.apache.org [2], which are signed with the key with
fingerprint 1F302569A96CFFD5 [3],
* all artifacts to be deployed to the Maven Central Repository [4],
* source code tag "release-1.7.0-rc2" [5],
Please use this document for coordinating testing efforts: [6]
The vote will be open for at least 72 hours. It is adopted by majority
approval, with at least 3 PMC affirmative votes.
Thanks,
Till
[1]
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315522&version=12343585
[2] https://dist.apache.org/repos/dist/dev/flink/flink-1.7.0-rc2/
[3] https://dist.apache.org/repos/dist/release/flink/KEYS
[4]
https://repository.apache.org/content/repositories/orgapacheflink-1194
[5] https://github.com/apache/flink/tree/release-1.7.0-rc2
[6]
https://docs.google.com/document/d/18SqvSFQLru0JDkCBZ5356yNmcZgYBEn1ydqg5VFEpiw/edit?usp=sharing
Pro-tip: you can create a settings.xml file with these contents:
<settings>
<activeProfiles>
<activeProfile>flink-1.7.0</activeProfile>
</activeProfiles>
<profiles>
<profile>
<id>flink-1.7.0</id>
<repositories>
<repository>
<id>flink-1.7.0</id>
<url>
https://repository.apache.org/content/repositories/orgapacheflink-1194/
</url>
</repository>
<repository>
<id>archetype</id>
<url>
https://repository.apache.org/content/repositories/orgapacheflink-1194/
</url>
</repository>
</repositories>
</profile>
</profiles>
</settings>
And reference that in you maven commands via --settings
path/to/settings.xml. This is useful for creating a quickstart based
on the
staged release and for building against the staged jars.