Hi, -1 binding due to LICENSE issues (see below) and cryptography issues (tinycrypt and polarssl) and there’s a license incompatible with Apache license 2.0 in the release. [5] (4 clause BSD)
It looks like tinycrypt and polarssl has been added since last release but not listed here(?) [2] I checked: - artefacts include incubating - signatures and hashes good - NOTICE is good - LICENSE is missing quite a few items (see below) - DISCLAIMER exists - All source files have headers - No unexpected binary files in release The LICENSE files for core and newt are identical to last release but several 3rd party items have been added For core: - BSD licensed tiny crypt copyright (c) 2015, Intel Corporation [3] - BSD license PPP copyright (c) 1994-2002 Paul Mackerras [4]+ - BSD license CHAP/MD5 copyright (c) 1994-2002 Paul Mackerras [4]+ - BSD license CHAP copyright (c) 1995 Eric Rosenquist. [4] - PD license EAP for PP 2001 by Sun Microsystems, Inc. [4] - BSD license PPP Encryption copyright (c) 2002 Google, Inc.[4] - BSD license EUI64 copyright (c) 1999 Tommi Komulainen[4]+ - BSD license assorted files copyright (c) 1984-2000 Carnegie Mellon University. [4]+ - MIT licensed PPP copyright (c) 2003 by Marc Boucher and Copyright (c) 1997 Global Election Systems Inc. [4]+ - BSD licensed files copyright 2016 STMicroelectronics [6] - BSD licensed code based on XySSL copyright (C) 2006-2008 Christophe Devine [7] - BSD licensed polarssl copyright (C) 2009 Paul Bakker [7] - BSD license SNMP copyright (c) 2001, 2002 Leon Woestenberg and copyright (c) 2001, 2002 Axon Digital Design B.V. [8] (and other files) - BSD licensed lwIP TCP/IP stack copyright (c) 2001, 2002 Swedish Institute of Computer Science. [9] - BSD licensed IGMP copyright (c) 2002 CITEL Technologies Ltd. [10] - BSD license AutoIP copyright (c) 2007 Dominik Spies [11] - BSD license files copyright (c) 2013 - 2015, Freescale Semiconductor, Inc. [12] - BSD licensed coap copyright 2016 Intel Corporation and 2013, Institute for Pervasive Computing, ETH Zurich [13] - and about a dozen others (including ARM and Nordic Semiconductor) as I gave up at this point Note the lines marked + have an additional clause (required notice) that effects the NOTICE file (I think). For newt: - PD licensed code copyright (c) 2012 Miki Tebeka [14] - 20 or so MIT(?) licensed files [15] copyright Ugorji Nwoke [15] - MIT licensed go coap copyright (c) 2013 Dustin Sallings [16] - BSD licensed gatt copyright (c) 2014 PayPal Inc [17] - MIT licensed xpc [18] - MIT licensed gioctl copyright (c) 2014 Mark Wolfe [19] This file [5] is licensed under a 4 clause BSD license which is not on the list of approved licenses. Also looks like you download page need updating to provide links to download the voted on artefacts for the last release. [1] Thanks, Justin 1. https://mynewt.apache.org/download/ 2. https://www.apache.org/licenses/exports/ 3. ./apache-mynewt-core-1.0.0-b1-incubating/crypto/tinycrypt/* 4. ./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/src/netif/ppp/* 5. ./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/src/netif/ppp/pppoe.c 6. ./apache-mynewt-core-1.0.0-b1-incubating/hw/mcu/stm/stm32f4xx/src/ext/Drivers/CMSIS/Device/ST/STM32F4xx/* 7. ./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/src/netif/ppp/polarssl/* 8. ./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/include/lwip/apps/snmp.h 9. ./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/ 10. ./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/src/core/ipv4/igmp.c 11. ./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/src/core/ipv4/autoip.c 12. ./apache-mynewt-core-1.0.0-b1-incubating/hw/mcu/nxp/src/ext/sdk-2.0-frdm-k64f_b160321/devices/MK64F12/* 13. ./apache-mynewt-core-1.0.0-b1-incubating/net/oic/src/messaging/coap/* 14. ./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/Sirupsen/logrus/alt_exit.go 15 ./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/ugorji/go/codec/*.go 16 ./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/dustin/go-coap/LICENSE 17 ./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/runtimeinc/gatt/* 18 ./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/runtimeinc/gatt/xpc/* 19. ./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/runtimeinc/gatt/linux/gioctl/* --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org