There is likely some wiggle room, but, without good reason as to why
it's too onerous to fix now, I'd prefer to not explore that space.
Understanding the licenses on Gossip's dependencies is something the
podling as a whole needs to monitor/track on their own. This is not
nearly as terrible as many other TLPs, so I'd like to be a force some
immediate action here.
If this isn't a quick fix, I'm happy to step off of my soapbox. I'll let
Ed comment to that effect (but I think there's a PR up already, so I
assume it's not).
Drew Farris wrote:
I may be incorrect here, I need to do some research; The license issue may
be a barrier to graduation but may not prevent releases while incubating.
Josh, do you recall offhand?
Drew
On Tue, Jan 3, 2017 at 11:45 AM Josh Elser<[email protected]> wrote:
-1 due to a dependency on a project with a category-X license [1].
Gossip is transitively depending on org.json:json via
jackson-datatype-json-org.
```
[INFO] org.apache.gossip:gossip:jar:0.1.1-incubating
[INFO] +- com.fasterxml.jackson:jackson-datatype-json-org:jar:1.8.0:compile
[INFO] | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.8.6:compile
[INFO] | | \- org.codehaus.jackson:jackson-core-asl:jar:1.8.6:compile
[INFO] | \- org.json:json:jar:20090211:compile
```
org.json:json is licensed with the JSON license which the ASF has
recently moved to category-X [2]. Debian has a list of some
alternatives[3] which can be used instead. This would need to be
resolved before your release.
I know in Calcite we use jackson-databind for JSON serialization of
POJOs and that doesn't have the dependency on org.json:json. Perhaps
this can be easily resolved switching the jackson dependencies and maybe
some API calls.
Good:
* xsums/sigs match (for source-release.zip)
* KEYS looks good
* Can build from source
* DISCLAIMER is present
I see that the rc1 tag was pushed, and will assume that the next VOTE
message will get that right too. Re-stating this one as I can't verify
that presently.
Nit:
* Wrong header in the src/**/log4j.properties files. Update it to match
the header in the rest of the java files. Fix for next release.
* Year in NOTICE is now out of date. Fix for next release.
* Use "Apache Gossip" for the first mention of "Gossip" in the
README.md. Fix for next release.
* Add the license text to the README and eclipse template as it's
trivial to do so for both (xml and md both support "comments"). Fix for
next release.
* Tests failed for me (on a `mvn package`). Not a release issue, just a
quality issue. I would expect that all of the tests would pass, and just
wanted to mention it.
```
Failed tests:
ShutdownDeadtimeTest.DeadNodesDoNotComeAliveAgain:103
ComparisonFailure expected:<[16]> but was:<[8]>
StartupSettingsTest.testUsingSettingsFile:69 » Runtime
java.net.BindException:...
TenNodeThreeSeedTest.test:44->abc:78 » Runtime
java.net.BindException: Address...
TenNodeThreeSeedTest.testAgain:49->abc:78 » Runtime
java.net.BindException: Ad...
```
- Josh
[1] https://www.apache.org/legal/resolved#category-x
[2] https://www.apache.org/legal/resolved#json
[3] https://wiki.debian.org/qa.debian.org/jsonevil
Edward Capriolo wrote:
I am pleased to be calling this vote for the source release of Apache
Gossip
Ancillary artifacts such as poms, jars, wars, ect. can be found here:
https://repository.apache.org/content/repositories/orgapachegossip-1001
The Git commit ID is:
https://github.com/edwardcapriolo/incubator-gossip/commit/74133870410fec45bd6cac39351fcbbe0950de18
Which will be tagged as gossip-0.1.1-incubating
https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;a=commit;h=66d8b7f060bddeeb7c50cb0918f98ce3b265c564
Checksums of
https://repository.apache.org/content/repositories/orgapachegossip-1001/org/apache/gossip/gossip/0.1.1-incubating/gossip-0.1.1-incubating-source-release.zip.asc
:
SHA1: 53ca6498d0f704fe7931ec23ca81a638a1fd666c
MD5: c27067c47bdeb6133660beda908f679c
Release artifacts are signed with the following key:
http://people.apache.org/~ecapriolo/
http://people.apache.org/~ecapriolo/ecapriolo_asf.asc
KEYS file available here:
https://dist.apache.org/repos/dist/release/incubator/rya/KEYS
The vote will be open for 72 hours. Please download the release candidate
and evaluate the necessary items including checking hashes, signatures,
build from source, and test.
Release this package?
[ ] +1 yes
[ ] +0 no opinion
[ ] -1 Do not release this package because because...
