Marshall, any update on your testing? Need your vote to be able to proceed. I am fine with the vote down due to the problems you've found. For RC4 I would remove references to jars that are not part of the UIMA-AS release.
Jerry On Wed, Apr 27, 2016 at 11:37 AM, Jaroslaw Cwiklik <[email protected]> wrote: > We dont bundle all of AMQ to prevent bloating the distribution with things > that are not normally used. Same reason why we dont package all of uima sdk > with the uima-as. Including all jars from AMQ will certainly bloat the > LICENSE and NOTICE files. > > If the release is voted down, I will remove references to jars not > included in the distribution, make some comments in the documentation about > what parts of AMQ we support and also make a recommendation about what to > do in case there is missing functionality in the AMQ we ship with UIMA-AS. > > Jerry > > On Tue, Apr 26, 2016 at 5:43 PM, Lou DeGenaro <[email protected]> > wrote: > >> Why do we feel the need to edit the AMQ distribution rather than include >> it >> and its Notice and License information in its entirety? If we think a >> lighter weight AMQ distribution is desirable, any chance of get the AMQ >> folks to provide such instead of us hacking? >> >> On Tue, Apr 26, 2016 at 5:13 PM, Richard Eckart de Castilho < >> [email protected]> >> wrote: >> >> > I agree with Marshall. The NOTICE/LICENSE files should reflect what >> > is actually inside a JAR/ZIP and non-applicable parts should - if >> feasible >> > - >> > be removed. >> > >> > That said, the LICENSE/NOTICE files e.g. from the Spring distribution >> are >> > also >> > usually shooting beyond the goal and make references to third-party code >> > that >> > may or may not be in a particular artifact... and all artifacts contain >> the >> > same notices/licenses. >> > >> > In the case of Spring, I find it not particularly practicable to figure >> out >> > what is relevant and what not. >> > >> > But here, specific parts seem to be clearly assignable to specific >> > non-packaged JARs, >> > so it appears to be practicable to be more accurate. >> > >> > -- Richard >> > >> > > On 26.04.2016, at 23:03, Marshall Schor <[email protected]> wrote: >> > > >> > > Here's a summary (please correct if wrong): >> > > >> > > There are two "optional" JARs not distributed with UIMA-AS have >> license >> > and >> > > (partial) notice info in the uima-as LICENSE/NOTICE files. >> > > >> > > One of the value propositions that lets others make use of our >> > technology is the >> > > reputation we maintain about our always somewhat imperfect attempts at >> > having >> > > accurate license and notice files. I would prefer that we strive to >> > keep our >> > > reputation where it is by removing the license and partial notice for >> > these >> > > JARs, and perhaps adding some documentation (if needed) specifying >> what >> > JARs can >> > > be optionally downloaded (from ActiveMQ distribution) for providing >> > additional >> > > functionality, not provided out of the box by the UIMA-AS binary >> > distribution. >> > > >> > > Having said that, if the others on the PMC feel that this flaw (having >> > extra >> > > licenses and extra (partial) notices not needed is OK for releasing, I >> > won't >> > > stand in the way. >> > > >> > > I'll do a bit more testing, and then if nothing more is found, vote >> -0 to >> > > indicate this. >> > > >> > > http://www.apache.org/foundation/voting.html >> > > >> > > -Marshall >> > > >> > > >> > > On 4/26/2016 11:05 AM, Jaroslaw Cwiklik wrote: >> > >> Thanks Marshall. Just to provide more context for the problems found >> > >> >> > >> The JmDNS seems to be part of auto discovery of network of brokers >> via >> > >> unicast instead of hard coded URLs. This is not part of standard >> > uima-as >> > >> configuration we distribute. When such functionality is needed users >> may >> > >> download their own copy of AMQ and use that. Of course there is an >> > issue of >> > >> having this jar documented in LICENSE and NOTICE but not present in >> the >> > >> distribution. >> > >> >> > >> The second one jasypt is providing encryption and decryption of user >> > >> credentials per: http://activemq.apache.org/encrypted-passwords.html. >> I >> > >> think the lack of this jar can also be dealt with the same way as >> above. >> > >> >> > >> Given the above I will await your vote. One way or the other I need >> your >> > >> vote to proceed. Seems like quality of the distribution mandates RC3 >> > vote >> > >> down. >> > >> >> > >> Jerry >> > >> >> > >> On Mon, Apr 25, 2016 at 5:56 PM, Marshall Schor <[email protected]> >> wrote: >> > >> >> > >>> Although others may be voting +1 to release, just to be clear, I'm >> > >>> currently -1 >> > >>> until the license / notice issues mentioned above are resolved. >> > >>> >> > >>> -Marshall >> > >> > >> > >
