date:20160912

Re: [VOTE] Release Rya (Incubating) version 3.2.10

2016-09-12 Thread Josh Elser

Great, glad it's helpful. Also, thanks for taking this on. The first
release is always the hardest, and I didn't do a good job commending you
on stepping up :)

Aaron D. Mihalik wrote:

Thanks Josh! This list is great.

I'll add the RC-X to the "Vote" email for the next RC. I also updated the
release docs to include that note.

I added these tasks to track:

(Blocker) RYA-177 - Review License on Rya Dependencies
RYA-178 Review RAT Exclusions
RYA-179 - Review License / Copyright notices on Rya Artifacts
RYA-180 - Review Licensing of Shaded/War'd Rya Artifacts
RYA-182 - Review SCM Tag in Parent POM

Is RYA-180 subsumed by RYA-177? If we verify that all of the Rya
Dependencies are not "Category X", are there additional concerns about what
we war/shade up?

No, sadly :). The LICENSE and NOTICE files you have at the top-level of
the source-release are "easy" right now because you do not bundle any
other code than just "Apache Rya (incubating)". Therefore, you only have
to deal with Rya's licensing (which is simple).

When you start creating artifacts that contain other artifacts, you must
update LICENSE and NOTICE appropriately (in META-INF/ in JARs/WARs). A
tl;dr is that, for every dependency you bundle, you must include it's
license in the LICENSE file and propagate any relevant information from
their NOTICE file (e.g. copyright/attribution statements) into your
NOTICE file. There are lots of good write-ups coming out of other ASF
projects of late which can help distill this.

I would recommend we just make a note to deal with this post-3.2.10. As
an incubator project, you get a pass on doing this all 100% correct;
however, the incompatible licensing is pretty heinous (so I'm treating
these separately). :)

--Aaron

On Mon, Sep 12, 2016 at 11:35 AM Josh Elser wrote:

(thanks for the extension, I started looking at this and then forgot
about it)

-1 (binding)

First off, please include some sort of "RC-X" identifier in the vote
subject so that we can differentiate them in the archives.

- The good

* xsums+sigs match
* Can build from source
* Ran all unit tests (as invoked during `mvn package`)
* Found no binary files

- Things that must be fixed

* https://dist.apache.org/repos/dist/release/incubator/rya and
https://dist.apache.org/repos/dist/dev/incubator/rya don't exist. You
must have the former created with a KEYS file that contains the GPG
public keys for those creating Rya release notes. Typically, you should
use dist.a.o/repos/dist/dev/incubator/rya to stage your release
artifacts, although policy on whether using the staging repo alone is
sufficient is not clear to me. (were it not for the licensing issues
below, we could just fix this)
* jgridshift:jgridshift appears to be LGPL licensed
(https://github.com/floscher/jGridShift/blob/master/LICENSE). You may
not use this software. It looks like it was not appropriately marked in
its pom which is why the configuration from Rya's parent apache.pom did
not catch it. This is brought in via org.geotools.xsd:gt-xsd-gml3.
* colt (http://dst.lbl.gov/ACSSoftware/colt/) appears to be another
brought in by com.tinkerpop.blueprints:blueprints-core
* com.google.code.findbugs:jsr305 is another example of GPL licensing.
While the artifact appears to have the ASL tagged on the pom, all
Findbugs documentation states that the project is GPL.

I would recommend to make a pass over your dependencies to verify that
you aren't depending on any projects which are licensed with a license
on this list: http://www.apache.org/legal/resolved.html#category-x. See
http://www.apache.org/licenses/GPL-compatibility.html for more details.
The above three examples were found via a brief glance.

- Things to fix later (later rc's or the next release)

* Copyright year in NOTICE is wrong (2015 instead of 2016)
* mvn apache-rat:check passes (after `rm DEPENDENCIES`)
* A number of files which have 'Copyright (C) 2014 Rya' in the license
header in extras/rya.merger that should not exist. Copyright statement
should only appear in the NOTICE file (`fgrep -Ri 'copyright'
rya-project-3.2.10 | fgrep -v 'The ASF licenses this file'`)
*v3.2.10-RC1 is incorrect in parent pom
* I see a bunch of maven-shade-plugin uses and at least one warfile
project: keep in mind that you should be ensuring that the generated
artifacts by your official source-release should also be licensed per
ASF policy. This isn't something you have to fix for this first release,
but it would bar Rya from a +1 to graduate from me.
* Saw some XML files in the build which were excluded from the
apache-rat-plugin. I'd recommend minimizing the exclusions as much as
possible.

- Josh

Aaron D. Mihalik wrote:

I am pleased to be calling this vote for the source release of Apache Rya
(Incubating), version 3.2.10.

The source zip, including signatures, digests, etc. can be found at:

https://repository.apache.org/content/repositories/orgapacherya-1001/org/apache/rya/rya-project/3.2.10/

The

Re: [VOTE] Release Rya (Incubating) version 3.2.10

2016-09-12 Thread David Lotts

-1 (non-binding)  because RYA-169 Mongo direct example is broken.  This is
fixed in pull request #87
The example is important and should be working in the release IMHO.
david.

On Mon, Sep 12, 2016 at 12:04 PM, Aaron D. Mihalik 
wrote:

> Thanks Josh!  This list is great.
>
> I'll add the RC-X to the "Vote" email for the next RC.  I also updated the
> release docs to include that note.
>
> I added these tasks to track:
>
> (Blocker) RYA-177 - Review License on Rya Dependencies
> RYA-178 Review RAT Exclusions
> RYA-179 - Review License / Copyright notices on Rya Artifacts
> RYA-180 - Review Licensing of Shaded/War'd Rya Artifacts
> RYA-182 - Review SCM Tag in Parent POM
>
> Is RYA-180 subsumed by RYA-177?  If we verify that all of the Rya
> Dependencies are not "Category X", are there additional concerns about what
> we war/shade up?
>
> --Aaron
>
> On Mon, Sep 12, 2016 at 11:35 AM Josh Elser  wrote:
>
> > (thanks for the extension, I started looking at this and then forgot
> > about it)
> >
> > -1 (binding)
> >
> > First off, please include some sort of "RC-X" identifier in the vote
> > subject so that we can differentiate them in the archives.
> >
> > - The good
> >
> > * xsums+sigs match
> > * Can build from source
> > * Ran all unit tests (as invoked during `mvn package`)
> > * Found no binary files
> >
> > - Things that must be fixed
> >
> > * https://dist.apache.org/repos/dist/release/incubator/rya and
> > https://dist.apache.org/repos/dist/dev/incubator/rya don't exist. You
> > must have the former created with a KEYS file that contains the GPG
> > public keys for those creating Rya release notes. Typically, you should
> > use dist.a.o/repos/dist/dev/incubator/rya to stage your release
> > artifacts, although policy on whether using the staging repo alone is
> > sufficient is not clear to me. (were it not for the licensing issues
> > below, we could just fix this)
> > * jgridshift:jgridshift appears to be LGPL licensed
> > (https://github.com/floscher/jGridShift/blob/master/LICENSE). You may
> > not use this software. It looks like it was not appropriately marked in
> > its pom which is why the configuration from Rya's parent apache.pom did
> > not catch it. This is brought in via org.geotools.xsd:gt-xsd-gml3.
> > * colt (http://dst.lbl.gov/ACSSoftware/colt/) appears to be another
> > brought in by com.tinkerpop.blueprints:blueprints-core
> > * com.google.code.findbugs:jsr305 is another example of GPL licensing.
> > While the artifact appears to have the ASL tagged on the pom, all
> > Findbugs documentation states that the project is GPL.
> >
> > I would recommend to make a pass over your dependencies to verify that
> > you aren't depending on any projects which are licensed with a license
> > on this list: http://www.apache.org/legal/resolved.html#category-x. See
> > http://www.apache.org/licenses/GPL-compatibility.html for more details.
> > The above three examples were found via a brief glance.
> >
> > - Things to fix later (later rc's or the next release)
> >
> > * Copyright year in NOTICE is wrong (2015 instead of 2016)
> > * mvn apache-rat:check passes (after `rm DEPENDENCIES`)
> > * A number of files which have 'Copyright (C) 2014 Rya' in the license
> > header in extras/rya.merger that should not exist. Copyright statement
> > should only appear in the NOTICE file (`fgrep -Ri 'copyright'
> > rya-project-3.2.10 | fgrep -v 'The ASF licenses this file'`)
> > * v3.2.10-RC1 is incorrect in parent pom
> > * I see a bunch of maven-shade-plugin uses and at least one warfile
> > project: keep in mind that you should be ensuring that the generated
> > artifacts by your official source-release should also be licensed per
> > ASF policy. This isn't something you have to fix for this first release,
> > but it would bar Rya from a +1 to graduate from me.
> > * Saw some XML files in the build which were excluded from the
> > apache-rat-plugin. I'd recommend minimizing the exclusions as much as
> > possible.
> >
> > - Josh
> >
> > Aaron D. Mihalik wrote:
> > > I am pleased to be calling this vote for the source release of Apache
> Rya
> > > (Incubating), version 3.2.10.
> > >
> > > The source zip, including signatures, digests, etc. can be found at:
> > >
> > https://repository.apache.org/content/repositories/
> orgapacherya-1001/org/apache/rya/rya-project/3.2.10/
> > >
> > > The Git tag is v3.2.10
> > > The Git commit ID is 16196b4c658062545964602835cb5fbd2870e578
> > >
> > https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;a=commit;h=
> 16196b4c658062545964602835cb5fbd2870e578
> > >
> > > Checksums of rya-project-3.2.10-source-release.zip:
> > > SHA1: dee4a5e4f8e74c4de614d02c7b17a5e0db132649
> > > MD5: df4a47ae1232725bc95450f5e49de95c
> > >
> > > Release artifacts are signed with the following key:
> > > https://people.apache.org/keys/committer/mihalik.asc
> > >
> > > Issues that were closed/resolved for this release are here:
> > >
> >

Re: [VOTE] Release Rya (Incubating) version 3.2.10

2016-09-12 Thread Aaron D. Mihalik

Thanks Josh!  This list is great.

I'll add the RC-X to the "Vote" email for the next RC.  I also updated the
release docs to include that note.

I added these tasks to track:

(Blocker) RYA-177 - Review License on Rya Dependencies
RYA-178 Review RAT Exclusions
RYA-179 - Review License / Copyright notices on Rya Artifacts
RYA-180 - Review Licensing of Shaded/War'd Rya Artifacts
RYA-182 - Review SCM Tag in Parent POM

Is RYA-180 subsumed by RYA-177?  If we verify that all of the Rya
Dependencies are not "Category X", are there additional concerns about what
we war/shade up?

--Aaron

On Mon, Sep 12, 2016 at 11:35 AM Josh Elser  wrote:

> (thanks for the extension, I started looking at this and then forgot
> about it)
>
> -1 (binding)
>
> First off, please include some sort of "RC-X" identifier in the vote
> subject so that we can differentiate them in the archives.
>
> - The good
>
> * xsums+sigs match
> * Can build from source
> * Ran all unit tests (as invoked during `mvn package`)
> * Found no binary files
>
> - Things that must be fixed
>
> * https://dist.apache.org/repos/dist/release/incubator/rya and
> https://dist.apache.org/repos/dist/dev/incubator/rya don't exist. You
> must have the former created with a KEYS file that contains the GPG
> public keys for those creating Rya release notes. Typically, you should
> use dist.a.o/repos/dist/dev/incubator/rya to stage your release
> artifacts, although policy on whether using the staging repo alone is
> sufficient is not clear to me. (were it not for the licensing issues
> below, we could just fix this)
> * jgridshift:jgridshift appears to be LGPL licensed
> (https://github.com/floscher/jGridShift/blob/master/LICENSE). You may
> not use this software. It looks like it was not appropriately marked in
> its pom which is why the configuration from Rya's parent apache.pom did
> not catch it. This is brought in via org.geotools.xsd:gt-xsd-gml3.
> * colt (http://dst.lbl.gov/ACSSoftware/colt/) appears to be another
> brought in by com.tinkerpop.blueprints:blueprints-core
> * com.google.code.findbugs:jsr305 is another example of GPL licensing.
> While the artifact appears to have the ASL tagged on the pom, all
> Findbugs documentation states that the project is GPL.
>
> I would recommend to make a pass over your dependencies to verify that
> you aren't depending on any projects which are licensed with a license
> on this list: http://www.apache.org/legal/resolved.html#category-x. See
> http://www.apache.org/licenses/GPL-compatibility.html for more details.
> The above three examples were found via a brief glance.
>
> - Things to fix later (later rc's or the next release)
>
> * Copyright year in NOTICE is wrong (2015 instead of 2016)
> * mvn apache-rat:check passes (after `rm DEPENDENCIES`)
> * A number of files which have 'Copyright (C) 2014 Rya' in the license
> header in extras/rya.merger that should not exist. Copyright statement
> should only appear in the NOTICE file (`fgrep -Ri 'copyright'
> rya-project-3.2.10 | fgrep -v 'The ASF licenses this file'`)
> * v3.2.10-RC1 is incorrect in parent pom
> * I see a bunch of maven-shade-plugin uses and at least one warfile
> project: keep in mind that you should be ensuring that the generated
> artifacts by your official source-release should also be licensed per
> ASF policy. This isn't something you have to fix for this first release,
> but it would bar Rya from a +1 to graduate from me.
> * Saw some XML files in the build which were excluded from the
> apache-rat-plugin. I'd recommend minimizing the exclusions as much as
> possible.
>
> - Josh
>
> Aaron D. Mihalik wrote:
> > I am pleased to be calling this vote for the source release of Apache Rya
> > (Incubating), version 3.2.10.
> >
> > The source zip, including signatures, digests, etc. can be found at:
> >
> https://repository.apache.org/content/repositories/orgapacherya-1001/org/apache/rya/rya-project/3.2.10/
> >
> > The Git tag is v3.2.10
> > The Git commit ID is 16196b4c658062545964602835cb5fbd2870e578
> >
> https://git-wip-us.apache.org/repos/asf?p=incubator-rya.git;a=commit;h=16196b4c658062545964602835cb5fbd2870e578
> >
> > Checksums of rya-project-3.2.10-source-release.zip:
> > SHA1: dee4a5e4f8e74c4de614d02c7b17a5e0db132649
> > MD5: df4a47ae1232725bc95450f5e49de95c
> >
> > Release artifacts are signed with the following key:
> > https://people.apache.org/keys/committer/mihalik.asc
> >
> > Issues that were closed/resolved for this release are here:
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12334209=Html=12319020
> >
> > The vote will be open for 72 hours.
> > Please download the release candidate and evaluate the necessary items
> > including checking hashes, signatures, build from source, and test.  Then
> > please vote:
> >
> > [ ] +1 Release this package as rya-project-3.2.10
> > [ ] +0 no opinion
> > [ ] -1 Do not release this package because because...
> >
>

Re: [VOTE] Release Rya (Incubating) version 3.2.10

2016-09-12 Thread Aaron D. Mihalik

All,

I haven't received any votes on the release, so let's keep this vote open
until Wednesday at 10pm EDT.

Please reach out if you have any questions about downloading the artifacts,
building the source, and testing Rya.  All of the Rya Release process
documentation are currently under development, so any questions the dev
list has, or any issues people have will be incorporated into the
documentation.

--Aaron

On Sat, Sep 10, 2016 at 4:21 PM Josh Elser  wrote:

> Negative, don't worry about it.
>
> I would add an exclusion to the apache-rat-plugin configuration for it.
>
> Aaron D. Mihalik wrote:
> > Apache rat is failing. Delete .\DEPENDENCIES
> >
> > It does not have a license header (is that required for that file?)
> > On Sat, Sep 10, 2016 at 3:11 PM Adina Crainiceanu
> wrote:
> >
> >> I'm trying to figure out how to vote for this release by following the
> >> checklist at:
> >>
> >> http://incubator.apache.org/guides/releasemanagement.html#check-list
> >>
> >> I'm trying to build from source. I downloaded the
> >> rya-project-3.2.10-source-release.zip
> >> <
> >>
> https://repository.apache.org/content/repositories/orgapacherya-1001/org/apache/rya/rya-project/3.2.10/rya-project-3.2.10-source-release.zip
> >>> ,
> >> unzip it, and then I just tried mvn clean install, but I got errors. How
> >> should I try to build from the source? I'm using Maven 3.0.5.
> >>
> >> I copy-pasted the error messages below, in case it helps
> >>
> >> Thanks,
> >> Adina
> >>
> >> $ mvn clean install
> >> [INFO] Scanning for projects...
> >> Downloading:
> >>
> >>
> http://repository.codehaus.org/org/codehaus/groovy/groovy-eclipse-batch/maven-metadata.xml
> >> Downloading:
> >>
> >>
> http://nexus.codehaus.org/snapshots/org/codehaus/groovy/groovy-eclipse-batch/maven-metadata.xml
> >> [WARNING] Could not transfer metadata
> >> org.codehaus.groovy:groovy-eclipse-batch/maven-metadata.xml from/to
> >> codehaus.org (http://repository.codehaus.org): repository.codehaus.org:
> >> unknown error
> >> [WARNING] Could not transfer metadata
> >> org.codehaus.groovy:groovy-eclipse-batch/maven-metadata.xml from/to
> >> codehaus-snapshots (http://nexus.codehaus.org/snapshots/):
> >> nexus.codehaus.org: unknown error
> >> [WARNING]
> >> [WARNING] Some problems were encountered while building the effective
> model
> >> for org.apache.rya:rya.prospector:jar:3.2.10
> >> [WARNING] 'build.plugins.plugin.version' for
> >> org.apache.maven.plugins:maven-shade-plugin is missing. @ line 106,
> column
> >> 21
> >> [WARNING]
> >> [WARNING] Some problems were encountered while building the effective
> model
> >> for org.apache.rya:rya.indexing:jar:3.2.10
> >> [WARNING] 'build.plugins.plugin.version' for
> >> org.apache.maven.plugins:maven-shade-plugin is missing. @ line 156,
> column
> >> 12
> >> [WARNING]
> >> [WARNING] Some problems were encountered while building the effective
> model
> >> for org.apache.rya:rya.reasoning:jar:3.2.10
> >> [WARNING] 'build.plugins.plugin.version' for
> >> org.apache.maven.plugins:maven-shade-plugin is missing. @ line 97,
> column
> >> 21
> >> [WARNING]
> >> [WARNING] Some problems were encountered while building the effective
> model
> >> for org.apache.rya:accumulo.pig:jar:3.2.10
> >> [WARNING] 'build.plugins.plugin.version' for
> >> org.apache.maven.plugins:maven-shade-plugin is missing. @ line 78,
> column
> >> 21
> >> [WARNING]
> >> [WARNING] It is highly recommended to fix these problems because they
> >> threaten the stability of your build.
> >> [WARNING]
> >> [WARNING] For this reason, future Maven versions might no longer support
> >> building such malformed projects.
> >> [WARNING]
> >> [INFO]
> >> 
> >> [INFO] Reactor Build Order:
> >> [INFO]
> >> [INFO] Apache Rya Project
> >> [INFO] Apache Rya Common Projects
> >> [INFO] Apache Rya Common API
> >> [INFO] Apache Rya Provenance
> >> [INFO] Apache Rya DAO Projects
> >> [INFO] Apache Rya Accumulo DAO
> >> [INFO] Apache Rya MongoDB DAO
> >> [INFO] Apache Rya Extra Projects
> >> [INFO] Apache Rya Prospector
> >> [INFO] Apache Rya Manual
> >> [INFO] Apache Rya SAIL
> >> [INFO] Apache Rya PCJ Core
> >> [INFO] Apache Rya PCJ Fluo Parent
> >> [INFO] Apache Rya PCJ Fluo App
> >> [INFO] Apache Rya PCJ Fluo API
> >> [INFO] Apache Rya Secondary Indexing
> >> [INFO] Apache Rya MapReduce Tools
> >> [INFO] Apache Rya Tinkerpop
> >> [INFO] Apache Rya Console
> >> [INFO] Apache Rya Secondary Indexing Example
> >> [INFO] Apache Rya Reasoning
> >> [INFO] Apache Rya Vagrant VM
> >> [INFO] Apache Rya PCJ Fluo Client
> >> [INFO] Apache Rya PCJ Fluo Integration Tests
> >> [INFO] Apache Rya PCJ Fluo Demo
> >> [INFO] Apache Rya Merge Tool
> >> [INFO] Apache Rya OSGI Bundle
> >> [INFO] Apache Rya ALX
> >> [INFO] Apache Rya ALX Console
> >> [INFO] Apache Rya Camel
> >> [INFO] Apache Rya Pig Projects
> >> [INFO] Apache Rya Accumulo Pig
> >> [INFO] Apache Rya Web Projects

Re: [VOTE] Release Rya (Incubating) version 3.2.10

Re: [VOTE] Release Rya (Incubating) version 3.2.10

Re: [VOTE] Release Rya (Incubating) version 3.2.10

Re: [VOTE] Release Rya (Incubating) version 3.2.10

4 matches

Site Navigation

Mail list logo

Footer information