Hi, +1 (binding) to release source package, but -1 for the client connivence binary until the 4 clause BSD licensing issue is resolved.
For the source released I checked: - all files have incubating - signatures check out - disclaimer exists - LICENSE and NOTICE good - No unexpected binary in source - All ASF licensed file have ASF headers The source LICENSE has a minor issue. It mentions the 4 clause BSD license which is not compatible with the Apache license (only the 2 and 3 clause BSD licenses are) [1][2]. In this case the extra clause has been recinded [3] you might want to reword/state that in the license. But that does mean there is an issue with the client binary release as that includes OpenSSL which lists a 6 clause BSD style license (similar to a 4 clause BSD license) and SSLeay under a 4 clause BSD license. You may need to clarify this on legal discuss. It may be that their intent to move to an Apache licence may mean you can hold off on doing anything but I’m not 100% sure. [4][5] I would also remove the GPL license text from the server’s LICENSE file to make it clear which license it’s included under. If something is dual licensed you select which licence you want to use. Thanks, Justin 1. http://www.apache.org/legal/resolved.html#category-a 2. https://issues.apache.org/jira/browse/LEGAL-185 3. https://opensource.org/licenses/BSD-3-Clause 4. https://www.openssl.org/blog/blog/2015/08/01/cla/ 5. https://wiki.openssl.org/index.php/License --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
