If you are happy with the duplicate jars issue, then it's not a blocker for this release from my POV (although I wonder how it's going to work?).
But I think the license issue is a blocker, unfortunately. It's just a matter of going through each of the jars in "lib" and adding the license information if they are not Apache licensed at the end of our LICENSE.txt in the distribution. In addition, any additional copyright notices they have in the NOTICE file in the source must be added to our NOTICE file. Colm. On Wed, Nov 29, 2017 at 4:12 PM, Kalyan Kumar Kalvagadda < kkal...@cloudera.com> wrote: > Colm, > > Just to let you know duplicate dependency issue is there in older sentry > release as well. Its not introduced in sentry 2.0 release. > I'm sure that would case even for jar's that are not licensed by Apache. > > Why don't we address in sentry 2.1.0 release? > > -Kalyan. > > > -Kalyan > > On Wed, Nov 29, 2017 at 8:41 AM, Kalyan Kumar Kalvagadda < > kkal...@cloudera.com> wrote: > >> Colm, >> >> Wiki has explicit steps to upload source + bin distributions separately. >> I did not upload them to "https://dist.apache.org/repos/dist/dev/sentry"; >> thinking it would be copied from my private space to the this official >> place holder after the voting is passed. I have put the link in the voting >> email just for reference. >> >> I'm not sure if these are blockers. I will wait for other to respond on >> this. >> >> While I'm waiting, I will start working on the duplicate jar dependency >> issue. >> >> >> -Kalyan >> >> On Wed, Nov 29, 2017 at 6:27 AM, Colm O hEigeartaigh <cohei...@apache.org >> > wrote: >> >>> Hi Kalyan, >>> >>> Why do we vote on source + bin distributions that are copied to a local >>> directory, when they are available in maven here? >>> >>> https://repository.apache.org/content/repositories/orgapache >>> sentry-1005/org/apache/sentry/sentry-dist/2.0.0/ >>> >>> I found a minor problem in that some test dependencies in Sentry are not >>> declared at test scope, meaning that 5 extra jars are copied to the >>> distribution lib directory: >>> >>> https://issues.apache.org/jira/browse/SENTRY-2076 >>> >>> I'm not sure if this is a blocker or not for this release. I have two >>> further concerns: >>> >>> a) We are shipping lots of duplicate jars in the lib directory with >>> different versions, e.g. Jetty 6 and 9 jars, three different metrics >>> versions, etc. Surely all these different versions must be causing some >>> conflicts when using the Sentry distribution? >>> >>> b) We are shipping a *lot* of jars but have very little license >>> information. Surely a lot of the jars we are shipping are not Apache >>> licensed, and must therefore have the license referenced in the LICENSE >>> file? >>> >>> Colm. >>> >>> On Wed, Nov 29, 2017 at 12:38 AM, Kalyan Kumar Kalvagadda < >>> kkal...@cloudera.com> wrote: >>> >>> > This is the release of Apache Sentry, version 2.0.0. >>> > >>> > It fixes the following issues: >>> > *https://issues.apache.org/jira/projects/SENTRY/versions/12341081 >>> > <https://issues.apache.org/jira/projects/SENTRY/versions/12341081>* >>> > >>> > Source and bin files : >>> > *http://home.apache.org/~kalyan/apache-sentry-2.0.0-src-rc-1/ >>> > <http://home.apache.org/~kalyan/apache-sentry-2.0.0-src-rc-1/>* >>> > >>> > Maven artifacts are available >>> > here:https://repository.apache.org/content/repositories/orga >>> pachesentry- >>> > 1005/ >>> > >>> > >>> > Tag to be voted on >>> > *https://git-wip-us.apache.org/repos/asf/sentry/?p= >>> > sentry.git;a=tag;h=refs/tags/release-2.0.0 >>> > <https://git-wip-us.apache.org/repos/asf/sentry/?p= >>> > sentry.git;a=tag;h=refs/tags/release-2.0.0>* >>> > >>> > Sentry's KEYS containing the PGP key we used to sign the release: >>> > http://www.apache.org/dist/sentry/KEYS >>> > >>> > we are voting on the source:tag=release-2.0.0, SHA= >>> > 18fe7c596fa1ffad3e656a42d534ac190876b642 >>> > (You can get the hash of the tag by doing "git rev-list release-1.8.0 >>> | >>> > head -n 1" ) >>> > >>> > Vote will be open for 72 hours. >>> > >>> > [ ] +1 approve >>> > [ ] +0 no opinion >>> > [ ] -1 disapprove (and reason why) >>> > >>> > -Kalyan >>> > >>> >>> >>> >>> -- >>> Colm O hEigeartaigh >>> >>> Talend Community Coder >>> http://coders.talend.com >>> >> >> > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
