Hi,
ccing dev@dubbo
On Fri, Apr 19, 2019 at 8:24 AM Willem Jiang <willem.ji...@gmail.com> wrote:
>
> Hi,
>
> I just checked the binary release kit, it has the third party
> dependency of LGPL (Hibernate core) which is belonged to Cataloge
> X[1], it cannot be included in Apache Product.
> I had to vote -1 for it. We can change the ORM lib to Eclipse Link to
> fix this issue, I just fill an issue here[2].
I did some dig for this issue and confirm that this is introduced by
this pull request[1].
The purpose of this pull request is to introduce the pagination to
service query.
In this pull request a dependency to spring-boot-starter-data-jpa was added,
which introduce the LGPL licensed dependency hibernate-core.
The detailed dependency tree is shown below:
[INFO] +-
org.springframework.boot:spring-boot-starter-data-jpa:jar:2.0.2.RELEASE:compile
[INFO] | +-
org.springframework.boot:spring-boot-starter-aop:jar:2.0.2.RELEASE:compile
[INFO] | | \- org.aspectj:aspectjweaver:jar:1.8.13:compile
[INFO] | +-
org.springframework.boot:spring-boot-starter-jdbc:jar:2.0.2.RELEASE:compile
[INFO] | | +- com.zaxxer:HikariCP:jar:2.7.9:compile
[INFO] | | \- org.springframework:spring-jdbc:jar:5.0.6.RELEASE:compile
[INFO] | +- org.hibernate:hibernate-core:jar:5.2.17.Final:compile
[INFO] | | +-
org.hibernate.javax.persistence:hibernate-jpa-2.1-api:jar:1.0.0.Final:compile
[INFO] | | +- antlr:antlr:jar:2.7.7:compile
[INFO] | | +- org.jboss:jandex:jar:2.0.3.Final:compile
[INFO] | | +- dom4j:dom4j:jar:1.6.1:compile
[INFO] | | \-
org.hibernate.common:hibernate-commons-annotations:jar:5.0.1.Final:compile
[INFO] | +- javax.transaction:javax.transaction-api:jar:1.2:compile
[INFO] | +- org.springframework.data:spring-data-jpa:jar:2.0.7.RELEASE:compile
[INFO] | | +-
org.springframework.data:spring-data-commons:jar:2.0.7.RELEASE:compile
[INFO] | | +- org.springframework:spring-orm:jar:5.0.6.RELEASE:compile
[INFO] | | \- org.springframework:spring-tx:jar:5.0.6.RELEASE:compile
[INFO] | \- org.springframework:spring-aspects:jar:5.0.6.RELEASE:compile
Actually the hiberate-core dependency is never used when implementing
the feature,
I think it can be excluded quietly. This is the safest way to solve this issue.
To dig further, the only dependency that required to be added is just
spring-data-commons,
which is Apache 2.0 Licensed[2]. (I just confirm the code can compile
and start correctly with spring-data-commons,
it might need to check more at runtime to ensure everything is working)
We need to be very careful when new dependency is added, and ensure
all the license (including transitive dependencies) are compatible
with Apache.
The community has identified several similar issues [3][4] for
incubator-dubbo project, and similar actions should be done to
incubator-dubbo-admin as well.
To identify the issue automatically, I run the following command:
mvn license:add-third-party -Dlicense.useMissingFile
and grep the output:
cat dubbo-admin-server/target/generated-sources/license/THIRD-PARTY.txt|
grep "General Public License"
(Eclipse Public License - v 1.0) (GNU Lesser General Public
License) Logback Classic Module (ch.qos.logback:logback-classic:1.2.3
- http://logback.qos.ch/logback-classic)
(Eclipse Public License - v 1.0) (GNU Lesser General Public
License) Logback Core Module (ch.qos.logback:logback-core:1.2.3 -
http://logback.qos.ch/logback-core)
(GNU Lesser General Public License) Core Hibernate O/RM
functionality (org.hibernate:hibernate-core:5.2.17.Final -
http://hibernate.org)
(GNU Lesser General Public License) Hibernate Commons Annotations
(org.hibernate.common:hibernate-commons-annotations:5.0.1.Final -
http://hibernate.org)
The last 2 are both introduced by hibernate-core. A script to check
license issue for dependencies was on the way[5].
[1] https://github.com/apache/incubator-dubbo-admin/pull/324
[2]
https://github.com/spring-projects/spring-data-commons/blob/master/src/main/resources/license.txt
[3]
https://lists.apache.org/thread.html/2231c58509842fe4069f2091f00ea7fd5c4e6ae4bf8ce1a97b16e9c5@%3Cdev.dubbo.apache.org%3E
[4]
https://lists.apache.org/thread.html/e3112c832415850779af2fe04aa7325d8d776144f3939cc63f5eab08@%3Cdev.dubbo.apache.org%3E
[5] https://github.com/apache/incubator-dubbo/issues/3840
>
> [1]https://www.apache.org/legal/resolved.html#category-x
> [2]https://github.com/apache/incubator-dubbo-admin/issues/366
>
> Willem Jiang
>
> Twitter: willemjiang
> Weibo: 姜宁willem
>
> On Mon, Apr 15, 2019 at 10:24 AM Minxuan Zhuang <z82507...@gmail.com> wrote:
> >
> > Hello Incubator Community,
> >
> > The Apache Dubbo community has voted on and approved a proposal to release
> > Apache Dubbo Admin (Incubating) version 0.2.0.
> >
> > We now kindly request the Incubator PMC members review and vote on this
> > incubator release.
> >
> > Apache Dubbo™ (incubating) is a high-performance, java based, open source
> > RPC framework. Dubbo offers three key functionalities, which include
> > interface based remote call, fault tolerance & load balancing, and
> > automatic service registration & discovery.
> >
> >
> > Dubbo community vote and result thread:
> > https://lists.apache.org/thread.html/fc71a5f8c93b8c3606338b97a08c044af64ca3165e226aed37295a45@%3Cdev.dubbo.apache.org%3E
> >
> > The release candidates (RC3):
> > *https://dist.apache.org/repos/dist/dev/incubator/dubbo/dubbo-admin/0.2.0
> > <https://dist.apache.org/repos/dist/dev/incubator/dubbo/dubbo-admin/0.2.0/>/*
> >
> >
> > Git tag for the release (RC3):
> > https://github.com/apache/incubator-dubbo-admin/releases/tag/0.2.0
> >
> > Hash for the release tag:
> > 37e23a7354e3da50914e075eb4676c7c2875ffa7
> >
> > Release Notes:
> > https://github.com/apache/incubator-dubbo-admin/releases/tag/0.2.0
> >
> >
> > The artifacts have been signed with Key :
> > DA2108479B0C1E71, which can be
> > found in the keys file:
> > *https://dist.apache.org/repos/dist/dev/incubator/dubbo/KEYS
> > <https://dist.apache.org/repos/dist/dev/incubator/dubbo/KEYS>*
> >
> > The vote will be open for at least 72 hours or until necessary number of
> > votes are reached.
> >
> > Please vote accordingly:
> >
> > [ ] +1 approve
> > [ ] +0 no opinion
> > [ ] -1 disapprove with the reason
> >
> > Thanks,
> > The Apache Dubbo (Incubating) Team
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>
--
Best Regards!
Huxing
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
