[GitHub] [zookeeper] symat commented on a diff in pull request #1957: ZOOKEEPER-4644: update dependencies before release 3.6.4

Sat, 10 Dec 2022 04:24:39 -0800 


symat commented on code in PR #1957:
URL: https://github.com/apache/zookeeper/pull/1957#discussion_r1045079471


##########
zookeeper-server/src/main/resources/NOTICE.txt:
##########
@@ -32,29 +35,112 @@ Base64 Encoder and Decoder, which can be obtained at:
   * HOMEPAGE:
     * http://iharder.sourceforge.net/current/java/base64/
 
-This product contains a modified version of 'JZlib', a re-implementation of
-zlib in pure Java, which can be obtained at:
+This product contains a modified portion of 'Webbit', an event based
+WebSocket and HTTP server, which can be obtained at:
+
+  * LICENSE:
+    * license/LICENSE.webbit.txt (BSD License)
+  * HOMEPAGE:
+    * https://github.com/joewalnes/webbit
+
+This product contains a modified portion of 'SLF4J', a simple logging
+facade for Java, which can be obtained at:
+
+  * LICENSE:
+    * license/LICENSE.slf4j.txt (MIT License)
+  * HOMEPAGE:
+    * https://www.slf4j.org/
 
+This product contains a modified portion of 'Apache Harmony', an open source

Review Comment:
   good question... honestly, I haven't dug deeply into this, I usually just 
update the content of the license / notice files we have before I cut a 
release. (updating the versions and double-checking the license types for 
updated third parties). 
   
   AFAIU, our practice is:
   - copy the license files of all directly included runtime 3pp libraries to 
`zookeeper-server/src/main/resources/lib`
   - update the  `zookeeper-server/src/main/resources/LICENSE.txt`, where we 
have the Apache 2.0 license, and we also mention all the third parties which 
has a different license (other than Apache 2)
   - update the NOTICE.txt file with all other contributions / sources (which 
are mainly come from the netty project, so we have the netty NOTICE file 
copy-pasted some time there... but I just updated that, as netty NOTICE file 
changed a lot during the years)
   
   After some googling, I also found this page: 
https://infra.apache.org/licensing-howto.html
   
   I never spent time on assessing if this practice we have in ZooKeeper is OK 
or not. I hope that someone with better knowledge checks this during the 
VOTE... But anyway, I don't think we need to change our approach in a bugfix 
release. But if we are afraid that we don't follow some Apache policy here 
precisely enough, then maybe someone can take the time and review this more 
deeply for the next minor (3.9) release.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to