On Tue, Jan 3, 2017 at 10:45 AM, Josh Elser <[email protected]> wrote:
> -1 due to a dependency on a project with a category-X license [1]. > Wait. So you're saying that a transitive category-X licensed dependency is verboten even when we do not include the binary or the source? That page doesn't do a good job describing how "include" should be interpreted. "include" != "depend" if you ask me. Cheers, Gary. > > Gossip is transitively depending on org.json:json via > jackson-datatype-json-org. > > ``` > [INFO] org.apache.gossip:gossip:jar:0.1.1-incubating > [INFO] +- com.fasterxml.jackson:jackson-datatype-json-org:jar:1.8.0:co > mpile > [INFO] | +- org.codehaus.jackson:jackson-mapper-asl:jar:1.8.6:compile > [INFO] | | \- org.codehaus.jackson:jackson-core-asl:jar:1.8.6:compile > [INFO] | \- org.json:json:jar:20090211:compile > ``` > > org.json:json is licensed with the JSON license which the ASF has recently > moved to category-X [2]. Debian has a list of some alternatives[3] which > can be used instead. This would need to be resolved before your release. > > I know in Calcite we use jackson-databind for JSON serialization of POJOs > and that doesn't have the dependency on org.json:json. Perhaps this can be > easily resolved switching the jackson dependencies and maybe some API calls. > > Good: > > * xsums/sigs match (for source-release.zip) > * KEYS looks good > * Can build from source > * DISCLAIMER is present > > I see that the rc1 tag was pushed, and will assume that the next VOTE > message will get that right too. Re-stating this one as I can't verify that > presently. > > Nit: > > * Wrong header in the src/**/log4j.properties files. Update it to match > the header in the rest of the java files. Fix for next release. > * Year in NOTICE is now out of date. Fix for next release. > * Use "Apache Gossip" for the first mention of "Gossip" in the README.md. > Fix for next release. > * Add the license text to the README and eclipse template as it's trivial > to do so for both (xml and md both support "comments"). Fix for next > release. > * Tests failed for me (on a `mvn package`). Not a release issue, just a > quality issue. I would expect that all of the tests would pass, and just > wanted to mention it. > > ``` > Failed tests: > ShutdownDeadtimeTest.DeadNodesDoNotComeAliveAgain:103 ComparisonFailure > expected:<[16]> but was:<[8]> > StartupSettingsTest.testUsingSettingsFile:69 » Runtime > java.net.BindException:... > TenNodeThreeSeedTest.test:44->abc:78 » Runtime java.net.BindException: > Address... > TenNodeThreeSeedTest.testAgain:49->abc:78 » Runtime > java.net.BindException: Ad... > ``` > > - Josh > > [1] https://www.apache.org/legal/resolved#category-x > [2] https://www.apache.org/legal/resolved#json > [3] https://wiki.debian.org/qa.debian.org/jsonevil > > > Edward Capriolo wrote: > >> I am pleased to be calling this vote for the source release of Apache >> Gossip >> >> Ancillary artifacts such as poms, jars, wars, ect. can be found here: >> https://repository.apache.org/content/repositories/orgapachegossip-1001 >> >> The Git commit ID is: >> https://github.com/edwardcapriolo/incubator-gossip/commit/74 >> 133870410fec45bd6cac39351fcbbe0950de18 >> >> Which will be tagged as gossip-0.1.1-incubating >> >> https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git; >> a=commit;h=66d8b7f060bddeeb7c50cb0918f98ce3b265c564 >> >> >> Checksums of >> https://repository.apache.org/content/repositories/orgapache >> gossip-1001/org/apache/gossip/gossip/0.1.1-incubating/ >> gossip-0.1.1-incubating-source-release.zip.asc >> : >> SHA1: 53ca6498d0f704fe7931ec23ca81a638a1fd666c >> MD5: c27067c47bdeb6133660beda908f679c >> >> Release artifacts are signed with the following key: >> http://people.apache.org/~ecapriolo/ >> http://people.apache.org/~ecapriolo/ecapriolo_asf.asc >> >> KEYS file available here: >> https://dist.apache.org/repos/dist/release/incubator/rya/KEYS >> >> The vote will be open for 72 hours. Please download the release candidate >> and evaluate the necessary items including checking hashes, signatures, >> build from source, and test. >> >> >> Release this package? >> [ ] +1 yes >> [ ] +0 no opinion >> [ ] -1 Do not release this package because because... >> >>
