I'll work more on this today. It would also be good for Eddie to run some of the kind of testing he does :-)
-Marshall On 5/2/2016 11:18 AM, Jaroslaw Cwiklik wrote: > Marshall, any update on your testing? Need your vote to be able to proceed. > I am fine with the vote down due to the problems you've found. For RC4 I > would remove references to jars that are not part of the UIMA-AS release. > > Jerry > > On Wed, Apr 27, 2016 at 11:37 AM, Jaroslaw Cwiklik <[email protected]> wrote: > >> We dont bundle all of AMQ to prevent bloating the distribution with things >> that are not normally used. Same reason why we dont package all of uima sdk >> with the uima-as. Including all jars from AMQ will certainly bloat the >> LICENSE and NOTICE files. >> >> If the release is voted down, I will remove references to jars not >> included in the distribution, make some comments in the documentation about >> what parts of AMQ we support and also make a recommendation about what to >> do in case there is missing functionality in the AMQ we ship with UIMA-AS. >> >> Jerry >> >> On Tue, Apr 26, 2016 at 5:43 PM, Lou DeGenaro <[email protected]> >> wrote: >> >>> Why do we feel the need to edit the AMQ distribution rather than include >>> it >>> and its Notice and License information in its entirety? If we think a >>> lighter weight AMQ distribution is desirable, any chance of get the AMQ >>> folks to provide such instead of us hacking? >>> >>> On Tue, Apr 26, 2016 at 5:13 PM, Richard Eckart de Castilho < >>> [email protected]> >>> wrote: >>> >>>> I agree with Marshall. The NOTICE/LICENSE files should reflect what >>>> is actually inside a JAR/ZIP and non-applicable parts should - if >>> feasible >>>> - >>>> be removed. >>>> >>>> That said, the LICENSE/NOTICE files e.g. from the Spring distribution >>> are >>>> also >>>> usually shooting beyond the goal and make references to third-party code >>>> that >>>> may or may not be in a particular artifact... and all artifacts contain >>> the >>>> same notices/licenses. >>>> >>>> In the case of Spring, I find it not particularly practicable to figure >>> out >>>> what is relevant and what not. >>>> >>>> But here, specific parts seem to be clearly assignable to specific >>>> non-packaged JARs, >>>> so it appears to be practicable to be more accurate. >>>> >>>> -- Richard >>>> >>>>> On 26.04.2016, at 23:03, Marshall Schor <[email protected]> wrote: >>>>> >>>>> Here's a summary (please correct if wrong): >>>>> >>>>> There are two "optional" JARs not distributed with UIMA-AS have >>> license >>>> and >>>>> (partial) notice info in the uima-as LICENSE/NOTICE files. >>>>> >>>>> One of the value propositions that lets others make use of our >>>> technology is the >>>>> reputation we maintain about our always somewhat imperfect attempts at >>>> having >>>>> accurate license and notice files. I would prefer that we strive to >>>> keep our >>>>> reputation where it is by removing the license and partial notice for >>>> these >>>>> JARs, and perhaps adding some documentation (if needed) specifying >>> what >>>> JARs can >>>>> be optionally downloaded (from ActiveMQ distribution) for providing >>>> additional >>>>> functionality, not provided out of the box by the UIMA-AS binary >>>> distribution. >>>>> Having said that, if the others on the PMC feel that this flaw (having >>>> extra >>>>> licenses and extra (partial) notices not needed is OK for releasing, I >>>> won't >>>>> stand in the way. >>>>> >>>>> I'll do a bit more testing, and then if nothing more is found, vote >>> -0 to >>>>> indicate this. >>>>> >>>>> http://www.apache.org/foundation/voting.html >>>>> >>>>> -Marshall >>>>> >>>>> >>>>> On 4/26/2016 11:05 AM, Jaroslaw Cwiklik wrote: >>>>>> Thanks Marshall. Just to provide more context for the problems found >>>>>> >>>>>> The JmDNS seems to be part of auto discovery of network of brokers >>> via >>>>>> unicast instead of hard coded URLs. This is not part of standard >>>> uima-as >>>>>> configuration we distribute. When such functionality is needed users >>> may >>>>>> download their own copy of AMQ and use that. Of course there is an >>>> issue of >>>>>> having this jar documented in LICENSE and NOTICE but not present in >>> the >>>>>> distribution. >>>>>> >>>>>> The second one jasypt is providing encryption and decryption of user >>>>>> credentials per: http://activemq.apache.org/encrypted-passwords.html. >>> I >>>>>> think the lack of this jar can also be dealt with the same way as >>> above. >>>>>> Given the above I will await your vote. One way or the other I need >>> your >>>>>> vote to proceed. Seems like quality of the distribution mandates RC3 >>>> vote >>>>>> down. >>>>>> >>>>>> Jerry >>>>>> >>>>>> On Mon, Apr 25, 2016 at 5:56 PM, Marshall Schor <[email protected]> >>> wrote: >>>>>>> Although others may be voting +1 to release, just to be clear, I'm >>>>>>> currently -1 >>>>>>> until the license / notice issues mentioned above are resolved. >>>>>>> >>>>>>> -Marshall >>>> >>
