Re: [VOTE] Release Airflow 1.10.0
HI, > On the GPL dependency you mentioned. We are not distributing GPL sources, not > in source or in binary form. This has never been the case. Which is fine. There are two issues with GPL (Category X software): - you can’t distribute them [1] - Can you rely on them [2] It’s [2] that seem to be the issues here. Optional dependancies on Category X are allowed but I’m really not sure in this case that it is truly optional. > As to our solution (for now). Python packages are often installed site-wide > and can be part of the dependencies of other packages. While we maybe could > enforce the installation of the non-GPL API it would/could 1) interfere with > other packages on the same system that do not set this environment variable > explicitly. 2) If any the other packages upgrades without setting this > variable it would pull in the GPL API. So we decided that it would be better > to educate the user and make it part of the install instructions. > > We can reconsider, but we cannot solve #1 and #2. Which, in my opinion, would > make it more opaque to the users. IMO at the very least user should be informed that this is the case and loudly and possibly with a prompt as part of the build and install process so that they understand that what they are using may not be under the terms of the ALv2 as claimed on the cover. > Given the current situation is at least improvement over the old situation > can you reconsider your -1 for this release and preferably agree with our > approach (or maybe have an improvement over it)? I would suggest you reopen the legal JIRA and describe the current situation (like above) and see if an answer can be found. Other IPMC member (and you mentors) can vote on this release and if it gets 3 +1’s and more plus ones than -1s then it’s a release. Remember a -1 vote on a release is not a veto. Thanks, Justin - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] Release Airflow 1.10.0
Friendly ping @justin Verstuurd vanaf mijn iPad > Op 21 jul. 2018 om 20:33 heeft Bolke de Bruin het > volgende geschreven: > > Hi Justin, > > Thank you for the thorough review! I have created AIRFLOW-2779 to track most > of the issues you have raised. > > On the GPL dependency you mentioned. We are not distributing GPL sources, not > in source or in binary form. This has never been the case. In the third > degree there potentially was a GPL issue during runtime. The author of the > package in question (unidecode) when asked mentioned several times that he > considered the usage equal to an API (ie. like the Linux kernel exposing a > set of generic calls) and the API could be implemented by an alternative. > This was discussed in LEGAL-362, which you took part in. > > We managed to convince the upstream package maintainers (python-slugify and > python-nvd3) to allow a patch that allowed switching to a different API > implementation by setting a environment variable while installing their > packages and to release new versions. However it is not the default for them. > This means at least that the situation we are now in is an improvement over > the previous releases (1.8.0 -> 1.8.1 -> 1.8.2 -> 1.9.0) as there was no way > switch and avoid the package before. > > As to our solution (for now). Python packages are often installed site-wide > and can be part of the dependencies of other packages. While we maybe could > enforce the installation of the non-GPL API it would/could 1) interfere with > other packages on the same system that do not set this environment variable > explicitly. 2) If any the other packages upgrades without setting this > variable it would pull in the GPL API. So we decided that it would be better > to educate the user and make it part of the install instructions. > > We can reconsider, but we cannot solve #1 and #2. Which, in my opinion, would > make it more opaque to the users. > > Given the current situation is at least improvement over the old situation > can you reconsider your -1 for this release and preferably agree with our > approach (or maybe have an improvement over it)? > > Cheers > Bolke > > > >> On 21 Jul 2018, at 03:03, Justin Mclean wrote: >> >> Hi, >> >> -1 (binding) because of GPL dependancy >> >> I checked the source release: >> - incubating in name >> - signatures and hash good but please remove md5 hashes and don’t publish >> then >> - DISCLAIMER exists >> - Year in NOTICE is not correct "2016 and onwards” isn’t valid as copyright >> has an expiry date >> - NOTICE and LICENSE have a couple of minor issues (see below) >> - Several files look to have incorrect headers with copyright lines >> [8][9][10] Are these actually 3rd party files? >> - No unexpected binary files >> - Failed to install, probably my set up. Would be nice to note python >> version required and supported OS’s in INSTALL. >> >> LICENSE is: >> - missing jQuery clock [3] and typeahead [4], as they are ALv2 it’s not >> required to list them but it’s a good idea to do so. >> - missing the license for this [5] >> - this file [7] oddly has © 2016 GitHub, Inc.at the bottom of it >> >> This files [1][2] seem to be 3rd party ALv2 licensed files that refers to a >> NOTICE file, that information in that NOTICE file (at the very least the >> copyright into) should be in your NOTICE file. This should also be noted in >> LICENSE. >> >> I also find it very odd that the GPL dependancy unidecode is opt out, rather >> than opt in (ie the user has to do something to not get it) and that makes >> it non optional IMO [6]. Can you explain why it was done this way and I’ll >> consider changing my vote. >> >> Thanks, >> Justin >> >> 1. /airflow/security/utils.py >> 2. ./airflow/security/kerberos.py >> 3. ./airflow/www_rbac/static/jqClock.min.js >> 4. ./airflow/www/static/bootstrap3-typeahead.min.js >> 5. ./apache-airflow-1.10.0rc2+incubating/scripts/ci/flake8_diff.sh >> 6. https://www.apache.org/legal/resolved.html#optional >> 7. ./docs/license.rst >> 8. airflow/contrib/auth/backends/google_auth.py >> 9. /airflow/contrib/auth/backends/github_enterprise_auth.py >> 10. /airflow/contrib/hooks/ssh_hook.py >> 11. /airflow/minihivecluster.py >> - >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [DISCUSS] Retirement Policies related to GitHub/GitBox
On Tue, 10 Jul 2018 23:19:01 -0500, Greg Stein wrote: > On Fri, Jun 29, 2018 at 9:35 PM Greg Stein wrote: > > > On Fri, Jun 29, 2018 at 1:10 PM Dave Fisher wrote: > > >... > > > >> For podlings that have an active GitHub through GitBox the implication of > >> this step is that the IPMC will now have control of the GitHub auth. > >> > >> (1) What needs to be done to the archive to make it clear that the > >> podling is retired? Shouldn’t the README.md be modified in a prior step? > >> > >> (2) Also, in some cases the retirement could mean the transfer of the > >> GitHub project elsewhere. Do we want to force a fork, or allow the > >> project’s GitHub to move elsewhere> > >> > > > > This is important *today* ... please see: > > https://issues.apache.org/jira/browse/INFRA-16698 > I transferred the mirrors of our two Taverna git-wip repositories. But a > good question is: what to do with the old git-wip repos? Keep or toss? They > aren't "part of" the ASF any more. I think we agreed earlier on this particular case to permit a move elsewhere GitHub-wise - but I am not sure if that should be a general policy. A project should also be allowed to move to a different host like GitLab. I suggested in the issue for the git-wip repos, if we really want to keep them around, then to do a "git rm *" and then add README.md that says where they are moved to or why they are archived. Then the code is still there in the git log at "use at own risk", since it didn't graduate from the incubator, although the code was still supposedly covered by the software grant to ASF and as ASF contributions while in the incubator. And so that code "wants to stay open" But "use at own risk" because it didn't graduate - in our case because there were some unresolved IP issues. This should not be any different than pre-incubator code being in the git log which may include code of a different license. - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] Release Apache NetBeans 9.0 (incubating) [vote candidate 3]
Hi all, Not directly relevant since this is relevant to the functioning of the convenience binary, but it might be interesting from an informative point of view for all to know that the Apache NetBeans (incubating) community has done a Community Acceptance survey [1] for users of the upcoming Apache NetBeans (incubating) 9.0. I.e., the survey is about the usage and functionality of the convenience binary of the voting candidate under consideration in this thread and the results are documented below. [1] https://cwiki.apache.org/confluence/display/NETBEANS/Results +from+Apache+NetBeans+IDE+9.0+Community+Acceptance+survey Thanks, Gj On Tue, Jul 24, 2018 at 7:27 AM, Emilian Bold < emilian.b...@protonmail.ch.invalid> wrote: > Hi all, > > The Apache NetBeans community has voted on and approved a proposal to > release Apache NetBeans 9.0 (incubating) [vc3]. > > We now kindly request that the Incubator PMC members review and vote on > this incubator release candidate. > > Vote thread: > > https://lists.apache.org/thread.html/a644bb8e3ba2cbd06328bb004f1b18 > b4171763cd3d78a9131615f687@%3Cdev.netbeans.apache.org%3E > > Vote result thread: > > https://lists.apache.org/thread.html/31f8a8fd70dc2ba635c6a67693c512 > ed9e5b30af99fbe79afe55293b@%3Cdev.netbeans.apache.org%3E > > In the above, note there are two IPMC binding votes from Ate Douma and > Bertrand Delacretaz, both Apache NetBeans (incubating) mentors, 11 PPMC > votes and 16 Apache NetBeans community votes. > > Apache NetBeans 9.0 (incubating) constitutes all the modules in the Apache > NetBeans Git repo, which together provide the NetBeans Platform (i.e., the > underlying application framework), as well as all the modules that provide > the Java SE-related features of Apache NetBeans. > > In short, Apache NetBeans 9.0 (incubating) is a full IDE for Java SE > development. > > Build artifacts available here: > > https://dist.apache.org/repos/dist/dev/incubator/netbeans/ > incubating-netbeans-java/incubating-9.0-vc3 > > The specific artifact to be voted on: > > https://dist.apache.org/repos/dist/dev/incubator/netbeans/ > incubating-netbeans-java/incubating-9.0-vc3/incubating- > netbeans-java-9.0-source.zip > > Included in the above are the DEPENDENCIES, DISCLAIMER, LICENSE, and > NOTICE files, as well as a README file with build instructions, which are > the same as these: > > https://gitbox.apache.org/repos/asf?p=incubator- > netbeans.git;a=blob_plain;f=README.md;h=eccd3c6cc707ba9ca219bcfb729794 > 35d85f5f7a;hb=97904961e496383d6150aef9b78fa8dff8f3e1ce > > SHA1: ed2098c173460ec81f05635055066da06a7ea82b > > KEYS file: > > https://dist.apache.org/repos/dist/release/incubator/netbeans/KEYS > > Apache NetBeans Git Repo tag: 9.0-vc3 : > > https://gitbox.apache.org/repos/asf?p=incubator-netbeans.git;a=tag;h=refs/ > tags/9.0-vc3 > > Note: NetBeans license violation checks are managed via the > rat-exclusions.txt file: > > https://gitbox.apache.org/repos/asf?p=incubator- > netbeans.git;a=blob;f=nbbuild/rat-exclusions.txt;h= > 36cb8a3eae40bd7fc41c63c6055bce42f7916859;hb=97904961e496383d6150aef9b78fa8 > dff8f3e1ce > > Rat report shows no unknown licenses, except for license files: > > https://builds.apache.org/job/incubator-netbeans-release/ > 334/artifact/rat-java-temp/nbbuild/build/rat-report.txt > > Included as a convenience binary, not relevant for the voting purposes > (unzip it, run it and you'll see Apache NetBeans): > > https://dist.apache.org/repos/dist/dev/incubator/netbeans/ > incubating-netbeans-java/incubating-9.0-vc3/incubating- > netbeans-java-9.0-bin.zip > > Also included as a convenience binary the NBMs: > > https://dist.apache.org/repos/dist/dev/incubator/netbeans/ > incubating-netbeans-java/incubating-9.0-vc3/nbms > > New & Noteworthy features of the 9.0 Release: > > https://cwiki.apache.org/confluence/display/NETBEANS/ > Apache+NetBeans+9.0+New+and+Noteworthy > > Release specific wiki page: > > https://cwiki.apache.org/confluence/display/NETBEANS/ > Apache+NetBeans+9.0+Final+Release > > How (and what) to try out the release: > > 1. Download the artifact to be voted on and unzip it. > 2. Verify the cryptographic signatures, the NOTICE and LICENSE file > 3. Build it using the README provided by the artifact. > 4. Look in nbbuild/netbeans for the NetBeans installation created by the > build process. > 5. Run the NetBeans executable and (if you're running on JDK 8) you'll be > prompted to install nb-javac, after agreeing to its licensing terms, and > (if you're running on JDK 9), you'll be able to use javac directly from JDK > 9 and, optionally, you'll be prompted to install nb-javac, after agreeing > to its licensing terms. > > If the above succeeds, vote +1 in this thread. > > Please try out the package, using the instructions above, and vote! > > The vote is open for 5 days. > > [ ] +1 Release this package as Apache NetBeans 9.0 (incubating) > [ ] 0 I don't feel strongly about it, but I'm okay with the release > [ ] -1 Do not release this package
