Joe, Thank you for summarizing so clearly. I read the NiFi guide a few months back, but obviously need to go through it again.
If I understand correctly, it looks like there are no license concerns. Thanks, Joe On Sat, Jul 16, 2016 at 1:23 PM, Joe Witt <[email protected]> wrote: > Generally speaking: > > [source] > There are many source elements that go into our source release. All > of those must be appropriately licensed and based on our compatible > with the ASLv2 License which generally is consider as those items > listed as [1]. > > [build process] > There are package managers involved in the build process including > things like Maven, NPM, Bower, and perhaps others. There are also > other things used to conduct the build. Those things need to be > appropriately licensed for us to use. I'm not aware of anything we're > using that is problematic. > > [binary artifacts] > There are numerous binary artifacts produced as a result of our build > process. All of those artifacts need to be appropriately licensed and > compatible with ASLv2 which includes those category-a items listed > above and also binary artifacts which satisfy the category-b handling > mentioned here [2]. > > So the net of this is that our source LICENSE/NOTICE [1,2] must > account for all things in our source release. Our binary artifact > LICENSE/NOTICE [3,4] must account for things in our binary convenience > bundles/artifacts. > > Much more of this is described and articulated on various ASF pages. > For the NiFi project itself though we have this document to help root > that guidance in our processes that we have thus far [5]. > > [1] http://www.apache.org/legal/resolved.html#category-a > [2] http://www.apache.org/legal/resolved.html#category-a > [3] https://github.com/apache/nifi/blob/master/LICENSE > [4] https://github.com/apache/nifi/blob/master/NOTICE > [5] https://github.com/apache/nifi/blob/master/nifi-assembly/LICENSE > [6] https://github.com/apache/nifi/blob/master/nifi-assembly/NOTICE > [7] https://nifi.apache.org/licensing-guide.html > > Thanks > Joe > > On Sat, Jul 16, 2016 at 12:58 PM, Joe Skora <[email protected]> wrote: > > I'm somewhat ignorant regarding of the front-end wiring, when a NiFi > > instance runs does it use NodeJS, NPM, Bower, etc. or are those only used > > during the build? > > > > If they are only used during the build, how does that affect the Apache > > licensing, do they need to have Apache compatible licenses like a Java > > library does? > > > > On Fri, Jul 15, 2016 at 7:52 PM, Joe Witt <[email protected]> wrote: > > > >> Wow i reread the first paragraph I wrote and well...yowza hopefully > >> you can tell what I meant to say. > >> > >> Also wanted to add that when I started seeing those things show up in > >> the build i too did a double take and started looking into the > >> licensing. So it is very right to bring these up. Taking this line > >> of thought further i've also been concerned about things like > >> stylesheets or fonts that are referenced against websites that get > >> looked up by the client browser at runtime. Definitely tradeoffs to > >> consider. > >> > >> Anyway, I'll take another look too but if you find specific artifacts > >> that are problematic in the resulting build please do share. > >> > >> Thanks > >> Joe > >> > >> On Fri, Jul 15, 2016 at 5:39 PM, Joe Witt <[email protected]> wrote: > >> > Joe, > >> > > >> > Now is certainly the time to address any concerns like this so no > >> > worries if false. > >> > > >> > For item #1) > >> > The source release cannot have any binaries. A convenience binary > >> > build generally is comprised on producing binary artifacts and linking > >> > them with dependent artifacts much like happens as maven pulls in > >> > dependencies. Officially apache projects only do source releases. > >> > The binary convenience artifacts some projects, like ours, provide is > >> > truly just a convenience. We must take care to ensure that the > >> > resulting items are properly licensed and such but the official > >> > 'release' is the source code only. > >> > > >> > For item #2) > >> > The tools used to conduct the build are not necessary to call out nor > >> > are dependencies like test dependencies, for example. The resulting > >> > artifacts in our binary build do need to be accounted for though and > >> > yes they do need to be ASLv2 compatible. The LICENSE/NOTICE within > >> > nifi-assembly is where the appropriate LICENSE/NOTICE lives for such > >> > things. Are there any specific artifacts being pulled in that you're > >> > finding problematic? We should definitely get those identified and > >> > addressed. > >> > > >> > Thanks > >> > Joe > >> > > >> > On Fri, Jul 15, 2016 at 5:25 PM, Joe Skora <[email protected]> wrote: > >> >> Dear devs, > >> >> > >> >> I've looking into the 1.0.0 build processes and I noticed a couple > >> things > >> >> that I don't understand. > >> >> > >> >> 1. During the build, nifi-web-ui (and another modules) use NodeJS. > This > >> >> entails the "frontend-maven-plugin" actually downloading and > executing > >> >> binary code. That's not something I'd normally expect in a Maven > build, > >> >> especially when the downloads do not come from repositories > referenced > >> in > >> >> the NiFi build configuration. > >> >> > >> >> Is installing a foreign binary and executing it during a build a > >> >> problem under Apache? > >> >> > >> >> 2. The build uses NodeJS, NPM, and Bower (maybe more) but I cannot > find > >> any > >> >> references to those tools in the license files. Node appears to have > >> it's > >> >> own license, with a good bit of stuff rolled in as well. If the > >> relevant > >> >> licenses are not Apache compatible this could be a problem. > >> >> > >> >> Are there any license whisperers who can look at how these need > to > >> be > >> >> reconciled? > >> >> > >> >> Sorry if I'm sounding false alarms, but this caught me off guard. I > >> >> apologize if missed a prior discussion of this on the dev list. > >> >> > >> >> Regards, > >> >> Joe > >> >
