Wow i reread the first paragraph I wrote and well...yowza hopefully you can tell what I meant to say.
Also wanted to add that when I started seeing those things show up in the build i too did a double take and started looking into the licensing. So it is very right to bring these up. Taking this line of thought further i've also been concerned about things like stylesheets or fonts that are referenced against websites that get looked up by the client browser at runtime. Definitely tradeoffs to consider. Anyway, I'll take another look too but if you find specific artifacts that are problematic in the resulting build please do share. Thanks Joe On Fri, Jul 15, 2016 at 5:39 PM, Joe Witt <[email protected]> wrote: > Joe, > > Now is certainly the time to address any concerns like this so no > worries if false. > > For item #1) > The source release cannot have any binaries. A convenience binary > build generally is comprised on producing binary artifacts and linking > them with dependent artifacts much like happens as maven pulls in > dependencies. Officially apache projects only do source releases. > The binary convenience artifacts some projects, like ours, provide is > truly just a convenience. We must take care to ensure that the > resulting items are properly licensed and such but the official > 'release' is the source code only. > > For item #2) > The tools used to conduct the build are not necessary to call out nor > are dependencies like test dependencies, for example. The resulting > artifacts in our binary build do need to be accounted for though and > yes they do need to be ASLv2 compatible. The LICENSE/NOTICE within > nifi-assembly is where the appropriate LICENSE/NOTICE lives for such > things. Are there any specific artifacts being pulled in that you're > finding problematic? We should definitely get those identified and > addressed. > > Thanks > Joe > > On Fri, Jul 15, 2016 at 5:25 PM, Joe Skora <[email protected]> wrote: >> Dear devs, >> >> I've looking into the 1.0.0 build processes and I noticed a couple things >> that I don't understand. >> >> 1. During the build, nifi-web-ui (and another modules) use NodeJS. This >> entails the "frontend-maven-plugin" actually downloading and executing >> binary code. That's not something I'd normally expect in a Maven build, >> especially when the downloads do not come from repositories referenced in >> the NiFi build configuration. >> >> Is installing a foreign binary and executing it during a build a >> problem under Apache? >> >> 2. The build uses NodeJS, NPM, and Bower (maybe more) but I cannot find any >> references to those tools in the license files. Node appears to have it's >> own license, with a good bit of stuff rolled in as well. If the relevant >> licenses are not Apache compatible this could be a problem. >> >> Are there any license whisperers who can look at how these need to be >> reconciled? >> >> Sorry if I'm sounding false alarms, but this caught me off guard. I >> apologize if missed a prior discussion of this on the dev list. >> >> Regards, >> Joe
