Justin, Good call. I will work with my colleagues in Amazon to try and help with this.
I'm not sure what is the best approach with 3P code issues though: you call out 3rdparty/onnx-tensorrt as having a mix of license types and having other issues. However, this is part of another repo, integrated into MXNet as a git submodule (https://github.com/onnx/onnx-tensorrt.git). Is it necessary to "fix" licensing of 3P packages as well? I think this will be very difficult... Curious to get your thoughts and perspective. Hagay On Sat, Jan 5, 2019 at 5:50 PM Justin Mclean <jus...@classsoftware.com> wrote: > Hi, > > I’m still -1 (binding) there are also some LICENSE issues that need to be > looked into. > > I checked: > - incubating in name > - signature and hashes good > - DISCLAIMER exists > - LICENSE and NOTICE need some work (see below) > - No unexpected binary files > - A number of files are missing headers and it’s unclear how some of these > are licensed > - I didn’t try to compile > > These LICENSE files mentioned in LICENSE do not exist: > - 3rdparty/tvm/dmlc-core/LICENSE > - 3rdparty/tvm/nnvm/LICENSE > - R-package/LICENSE > - nnvm/tvm/HalideIR/LICENSE > > LICENSE is missing mention of: > - ./docs/_static/js/clipboard.min.js (MIT licensed © Zeno Rocha) You may > also want to include the non-minified code as that could be considered to > being “compiled" code and could be thought of as category X. > - ./julia > - ./perl-package ? (unclear if this was developed at the ASF or not) > - 3rdparty/openmp/LICENSE.txt > - > /apache-mxnet-src-1.4.0.rc0-incubating/3rdparty/mkldnn/src/cpu/xbyak/xbyak.h > and other .h files in that directory - note the double headers > - apache-mxnet-src-1.4.0.rc0-incubating/3rdparty/cub/test/mersenne.h > > And probably other files. It’s very hard to review when the copyright > owners are not clearly indicated in LICENSE. It would help if all license > file were placed in one directory, that way it would be easy to search if > all required licenses have been included. > > I think a lot more work is needed on the LICENSE here for instance taking > a look at one directory: > 3rdparty/onnx-tensorrt > > With the LICENSE file containing: > MIT License > Copyright (c) 2018, NVIDIA CORPORATION. All rights reserved. > Copyright (c) 2018 Open Neural Network Exchange > > However searching for license and copyright under that you can see it > contains a mix of different licensed files, including MIT, BSD, Apache and > at least 30 different copyright statements. I can see some of the > sub-directory are also referenced but it doesn’t seem complete to me. > > There are lots of other files missing headers, in some cases it could be > assumed that they are 3rd party files, but in some cases it is unclear. For > instance: > > File in ./docs/_static/js/*.,js are missing headers. How are theses > licensed? > > This files are missing headers - how are they licensed? > ./src/operator/special_functions-inl.h > ./src/operator/contrib/nn/deformable_im2col.cuh > ./src/operator/contrib/nn/deformable_im2col.h > ./src/operator/nn/im2col.cuh > ./src/operator/nn/im2col.h > ./src/operator/nn/pool.h > > It might help you if you used a tool like https://www.fossology.org to > track everything a you have a large number of 3rd party licensed software > from a large number of authors. > > Thanks, > Justin > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >