Let me first summarize the result of the feedback on LICENSE issues: > - there are several references to a benchmark directory, but it is not included in the release
This is correct. We made [10] to address it. And We're preparing a new release candidate. [10] https://github.com/apache/incubator-fury/pull/1562 > - there seems to be 3rd part code from OpenSumi here [1][2][3][4] This is false positive. OpenSumi's release bundle contains the code from Fury. The origin comes from Fury. > - there seems to be code from Ray here [5][6] This is false positive. Shawn owns the code and they are "Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements." > - this file may have been copied from somewhere [7] This is false positive. The content of ArrayAsList is shared above. I suppose most Java developers would argue that it's a trivial class. Also, there is no evidence to show other origins possibility. To Shawn, > We can cooperate with OpenSumi after we make the first formal release of furyjs under ASF later. Although this can be a good way to go, I notice that in this RC the tarball packages furyjs' code: 0.5.0-rc3/apache-fury-incubating-0.5.0-src/javascript I'd like to know the details about "we don't release furyjs in 0.5.0" because you seem to release furyjs' sources in 0.5.0. Best, tison. Shawn Yang <shawn.ck.y...@gmail.com> 于2024年4月25日周四 17:16写道: > Hi tison, > > Thanks for the suggestion, we don't release furyjs in 0.5.0. > > We can cooperate with OpenSumi after we make the first formal release of > furyjs > under ASF later. > > Best, > Chaokun > > On Thu, Apr 25, 2024 at 5:11 PM tison <wander4...@gmail.com> wrote: > > > Hi Shawn, > > > > Thanks for sharing the finding. I can see the dependency from OpenSumi to > > Fury as in [1] now. > > > > [1] https://github.com/search?q=repo:opensumi/core%20fury&type=code > > > > After we make the first formal release, we can cooperate with OpenSumi to > > upgrade to an incubating release and thus update the mention in their > docs > > to Apache Fury also, like [2][3]. > > > > [2] https://github.com/GreptimeTeam/greptimedb/pull/2653 > > [3] https://github.com/GreptimeTeam/greptimedb/pull/3168 > > > > Best, > > tison. > > > > > > Shawn Yang <shawn.ck.y...@gmail.com> 于2024年4月25日周四 17:04写道: > > > > > Hi Justin, > > > > > > Thanks for sharing this tool. I checked the code in Fury with this > tool. > > > > > > Here is the result: > > > 1) [5][6] are osscan results. > > > 2) Those files has duplication with package/lib/worker-host.js in > > > opensumi[7] > > > > > > Opensumi relies on furyjs, so it packaged the code in apache fury into > > its > > > release bundle. > > > As you can see from the opensumi code repository[8]. There is no such > > > worker-host.js file, > > > It's a file generated at opensum build process, which packaged apache > > > furyjs code into their bundle. > > > > > > So I think this is not an issue in fury. > > > > > > Do you have further issues? If not, I'll close this vote and start a > new > > > release candidate later. > > > > > > 1. /javascript/packages/fury/lib/gen/datetime.ts > > > 2. /javascript/packages/fury/lib/gen/index.ts > > > 3. /javascript/packages/fury/lib/fury.ts > > > 4. /javascript/packages/fury/lib/classResolver.ts > > > 5 > > > > > > > > > https://github.com/apache/incubator-fury/assets/12445254/cfa0fb06-bf23-468d-bf76-f9b106467611 > > > 6. > > > > > > > > > https://github.com/apache/incubator-fury/assets/12445254/7698a87d-ffd9-4400-9a79-a2f27f191c1d > > > 7. https://www.npmjs.com/package/%40opensumi/ide-extension > > > 8. https://github.com/opensumi/core/ > > > > > > ---------- > > > Best regards, > > > Chaokun Yang > > > > > > On Thu, Apr 25, 2024 at 1:52 PM tison <wander4...@gmail.com> wrote: > > > > > > > Hi Justin, > > > > > > > > Thank you, and that's not in a hurry. I'd just like to make the > status > > > > clear and ensure we can make progress instead of subjective arguing. > > > > > > > > Now I know you use ScanOSS and I'd suggest other members in Fury try > to > > > > check the project with this tool. I'll try it out if I find some > time, > > > and > > > > I'd appreciate it if you could share how you use this tool to do > > > compliance > > > > checks, it would help all the people in the Incubator :D > > > > > > > > ::OT:: IIRC ScanOSS CEO or CTO gave a talk at the Dev.Together Conf > > weeks > > > > before, now I found a real use case XD. > > > > > > > > Best, > > > > tison. > > > > > > > > > > > > Justin Mclean <jus...@classsoftware.com> 于2024年4月25日周四 13:40写道: > > > > > > > > > HI, > > > > > > > > > > I’m happy to share it, but as I said, I'm travelling right now and > > > don't > > > > > have access. I used ScanOSS workbench, but there are other checkers > > out > > > > > there. And yes, tools like this can sometimes give false positives, > > and > > > > it > > > > > can sometimes be unclear where things were originally copied or, in > > > fact, > > > > > may have been copied themselves. > > > > > > > > > > Kind Regards, > > > > > Justin > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > > > > > > > > > > > > > >
