Hi Justin, Thanks for the careful screening.
Basically, there are two issues in the release tar bar: 1. We are using a customized Rust's standard library and include modified sources and other upstream code in our codebase. 2. We also include code of OP-TEE libraries as our vendored third-party libraries. These two codebases are from other parties and indeed difficult to review. We are releasing in this way to make sure all dependencies are self-contained. Of course, instead of including third-party sources, we can just include patches and download all dependencies during the build time. What do you think? Mingshen On Tue, Nov 30, 2021 at 7:46 PM Justin Mclean <jus...@classsoftware.com> wrote: > > Hi, > > Sorry but -1 (binding) due to incompatible licenses in source release and > those licenses not mentioned. A WIP disclaimer isn’t a blanket exception and > you need to note what the issues are and inform the used of what licenses are > incompatible. Please see [4] > > When voting on releases, it’s also a good idea to indicate if your vote is > binding (only IPMC members votes are binding here) and what you checked in > the release. > > I checked: > - incubating in name > - signatures and hashes are fine > - disclaimer (WIP) exists > - NOTICE and LICENSE need more work. There seem to be a large number of > things missing from LICENSE. > - a large number of files do not have have header which make this release > very difficult to review > - Looks likes the release may contain compiled code? [7][8] > - I didn’t compile from source > > With the LICENSE I don’t see these files licensed mentioned [1] This is > concerning [2] as these are not mentioned in LICENSE. This license [2] is not > compatible with the ALv2. There several other fonts files that are also > included in the release. This file [5] is under a Category X license, as are > I assume parts of this file. [6] > > Kind Regards, > Justin > > 1. ./rust/rust/library/stdarch/crates/stdarch-verify/arm-intrinsics.html > 2. ./rust/rust/COPYRIGHT > 3. ./rust/rust/src/librustdoc/html/static/fonts/FiraSans-LICENSE.txt > 4. https://issues.apache.org/jira/browse/LEGAL-469 > 5. ./optee/build/ti/Makefile > 6 ./optee/optee_os/lib/libutee/arch/arm/gprof/gmon_out.h > 7. > ./rust/rust/library/stdarch/crates/std_detect/src/detect/test_data/linux-rpi3.auxv > 8 ./rust/rust/src/test/ui/macros/not-utf8.bin > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
