Re: [VOTE] 2.6.2 RC0
Closing this vote, please refer to the [VOTE] 2.6.2 RC1 thread On Wed, Mar 31, 2021 at 3:41 PM Justin Mclean wrote: > Hi, > > > Can you clarify a few things? > > Sorry I'm not subscribed to this list and only just saw this. > > > - On the first point, the only thing I see is zstd, which we do not, in > > fact, ship the library itself, just the jni bindings. Was there anything > > else you saw? > > In the source release you are not (I assume) going to have jersey, BTW the > LICENSE and NOTICE files disagree about what license it's under. There > probably no need to mention it in NOTICE. > > Ignoring the stream code I think there is some 3rd party code in the > source release that would normally be mentioned in LICENSE. [1][2][3][4] > > Thanks, > Justin > > 1. > ./clients/src/main/java/org/apache/kafka/common/utils/PureJavaCrc32C.java > 2. > ./streams/src/main/java/org/apache/kafka/streams/state/internals/Murmur3.java > 3 ./tests/kafkatest/utils/util.py (and a couple of other files) > 4 ./gradlew > > >
Re: [VOTE] 2.6.2 RC0
Hi, > Can you clarify a few things? Sorry I'm not subscribed to this list and only just saw this. > - On the first point, the only thing I see is zstd, which we do not, in > fact, ship the library itself, just the jni bindings. Was there anything > else you saw? In the source release you are not (I assume) going to have jersey, BTW the LICENSE and NOTICE files disagree about what license it's under. There probably no need to mention it in NOTICE. Ignoring the stream code I think there is some 3rd party code in the source release that would normally be mentioned in LICENSE. [1][2][3][4] Thanks, Justin 1. ./clients/src/main/java/org/apache/kafka/common/utils/PureJavaCrc32C.java 2. ./streams/src/main/java/org/apache/kafka/streams/state/internals/Murmur3.java 3 ./tests/kafkatest/utils/util.py (and a couple of other files) 4 ./gradlew
Re: [VOTE] 2.6.2 RC0
Hi Justin, Thanks for bringing this up and for your advice in resolving it. I've carved out the specific chunk of work relating to copyright, and wanted to call your attention to a specific proposal I have to fix this situation: https://issues.apache.org/jira/browse/KAFKA-12593?focusedCommentId=17312609&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17312609 Do you mind weighing in there? Thank you, -John On Tue, 2021-03-23 at 01:57 +, Justin Mclean wrote: > HI, > > > - On the first point, the only thing I see is zstd, which we do not, in > > fact, ship the library itself, just the jni bindings. Was there anything > > else you saw? > > As far as I can see all of the software mentioned is not in the source > release so shouldn't be mentioned in LICENSE, but I'm not 100% familiar with > the code base, so could be mistaken. > > > There are a couple of java files where we maintain in lineage and copyright > > information, but in a separate comment where it should be clear that is > > what's happening. > > There more than a few files. While most of it is in the scala streams code > there are some other files as well. Here's the copyright lines in question > that I found: > - Copyright (C) 2017-2018 Alexis Seigneurin > - Copyright (C) 2018 Joan Goyeau. > - Copyright (C) 2018 Lightbend Inc. > - Copyright 2015 Confluent Inc. > - Copyright 2015 the original author or authors > > IMO If these files are licensed to the ASF they should have the correct > header. > > Thanks, > Justin
Re: [VOTE] 2.6.2 RC0
HI, > - On the first point, the only thing I see is zstd, which we do not, in > fact, ship the library itself, just the jni bindings. Was there anything > else you saw? As far as I can see all of the software mentioned is not in the source release so shouldn't be mentioned in LICENSE, but I'm not 100% familiar with the code base, so could be mistaken. > There are a couple of java files where we maintain in lineage and copyright > information, but in a separate comment where it should be clear that is > what's happening. There more than a few files. While most of it is in the scala streams code there are some other files as well. Here's the copyright lines in question that I found: - Copyright (C) 2017-2018 Alexis Seigneurin - Copyright (C) 2018 Joan Goyeau. - Copyright (C) 2018 Lightbend Inc. - Copyright 2015 Confluent Inc. - Copyright 2015 the original author or authors IMO If these files are licensed to the ASF they should have the correct header. Thanks, Justin
Re: [VOTE] 2.6.2 RC0
Hey Justin, Can you clarify a few things? - On the first point, the only thing I see is zstd, which we do not, in fact, ship the library itself, just the jni bindings. Was there anything else you saw? - On the second point, I checked the src download from the RC and afaict we use this header and include validation in the build for at least java files https://github.com/apache/kafka/commit/d0e436c471ba4122ddcc0f7a1624546f97c4a517. There are a couple of java files where we maintain in lineage and copyright information, but in a separate comment where it should be clear that is what's happening. So I think what you're referring to is mainly some scala files under the streams/streams-scala package? I think those are probably crept in via the 2 or 3 original contributors of that code, which started as an independent Apache licensed project https://github.com/lightbend/kafka-streams-scala but was merged in. I think these could be cleaned up similarly to Java examples so lineage/attribution can be maintained but in a separate comment that makes it clear it's historical information and not part of the current license for the file. - On the third point, this does seem to be the case, we only have about 3 dependencies listed there but pull in close to 90 jars (though some of those jars may be released/licensed together). These should be cleaned up. -Ewen On Fri, Mar 19, 2021 at 6:51 PM Justin Mclean wrote: > Hi, > > I was taking a look at this release candidate and noticed a number of > things from a licensing compliance point of view the set a little odd. Now > there may be some history here that I'm unaware of and a good reason why > things are like this. I can see: > - The LICENSE files include things that are not in the release but are > dependancies [1] this shouldn't be mentioned in the LICNSE file. > - A large number of headers have "licensed to the ASF" but include a > copyright line, I would expect this header to be used [2] and no copyright > line. If these are 3rd party files then I'd expect them to be mentioned in > LICENSE. > - Some 3rd party software is included in the software release but is not > mentioned in the license file [3] > > One of the issue we run into in the Incubator is podlings copy popular top > level projects approach to their LICENSE and NOTICE files and this can > cause a bit of confusion. > > As I said there may be good reason for above that I'm unaware of, however > I have reviewed 100's of releases at the ASF and the above seems a little > odd to me. I'm happy to help out in fixing these issues. > > Kind Regards, > Justin > > 1. https://infra.apache.org/licensing-howto.html#guiding > 2. https://www.apache.org/legal/src-headers.html#headers > 3. https://infra.apache.org/licensing-howto.html#alv2-dep >
Re: [VOTE] 2.6.2 RC0
Hi, I was taking a look at this release candidate and noticed a number of things from a licensing compliance point of view the set a little odd. Now there may be some history here that I'm unaware of and a good reason why things are like this. I can see: - The LICENSE files include things that are not in the release but are dependancies [1] this shouldn't be mentioned in the LICNSE file. - A large number of headers have "licensed to the ASF" but include a copyright line, I would expect this header to be used [2] and no copyright line. If these are 3rd party files then I'd expect them to be mentioned in LICENSE. - Some 3rd party software is included in the software release but is not mentioned in the license file [3] One of the issue we run into in the Incubator is podlings copy popular top level projects approach to their LICENSE and NOTICE files and this can cause a bit of confusion. As I said there may be good reason for above that I'm unaware of, however I have reviewed 100's of releases at the ASF and the above seems a little odd to me. I'm happy to help out in fixing these issues. Kind Regards, Justin 1. https://infra.apache.org/licensing-howto.html#guiding 2. https://www.apache.org/legal/src-headers.html#headers 3. https://infra.apache.org/licensing-howto.html#alv2-dep
