Re: [Discuss] Graduate Apache SINGA (incubating) as a TLP
Hi, I just took a look at the Sign incubator report and it needs some improvement. If you were a TLP if and a report like this was submitted to the board, it would likely be rejected, or attract questions. I suggest you add a bit more meaningful detail to the report. Thanks, Justin - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: Incubator podling reports due today
> On Sep 4, 2019, at 3:50 PM, Justin Mclean wrote: > > Hi, > > Thursday morning here and still to report are: > Amaterasu* > Hivemall > Iceberg > Marvin-AI > Omid** > SINGA > Superset > Tamaya* > Taverna > Tephra > Warble Warble just reported…. > > * did not report last month. > > A couple of the reports need more detail and may be rejected, I’ll contact > the podlings individually. > > Thanks, > Justin > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: Incubator podling reports due today
Hi, Thursday morning here and still to report are: Amaterasu* Hivemall Iceberg Marvin-AI Omid** SINGA Superset Tamaya* Taverna Tephra Warble * did not report last month. A couple of the reports need more detail and may be rejected, I’ll contact the podlings individually. Thanks, Justin - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the best tool to scan the code?
Hi, 1. ossindex from sonatype covers a lot 2. not sure what you means, findbugs or more checkstyle/pmd? 3. rat plugin for example (see apache creadur tools too, there are license tools). Also note that with the initial dep review + review of the license each time a new dep is added in standard asf review flow you rarely need to scan them actually. 4. you can also check binary only contains your code + deps so no need to rescan in such a case. Blackduck is good but does not scale well for huge projects (> 60 modules) and is not free, sourceclear is also a not that bad alternative but is not free too I think. My 2cts being that the previous setup works well for asf projects, stays free and integrated to the build (compared to blackduck or sourceclear which are using two steps/async process as solutions). Hope it helps Le mer. 4 sept. 2019 à 23:13, Xun Hu a écrit : > We would like to scan our code to: > 1) dependency analysis > 2) snippet matching > 3) license analysis > 4) binary analysis - optional > > We found one paid solution - black duck, not sure there is any open source > solution on the market. > > Thanks, > -xun > > -Original Message- > From: Justin Mclean > Sent: Wednesday, September 4, 2019 1:59 PM > To: general@incubator.apache.org > Subject: Re: What is the best tool to scan the code? > > HI, > > > We have one open source project, and I would like to find a tool to scan > the code before we open it. > > Sorry but it unclear to me, what you what to scan the code for. > > Thanks, > Justin > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
Re: What is the best tool to scan the code?
HI, > We would like to scan our code to: > 1) dependency analysis Most build tools can do this. > 2) snippet matching I don’t know of any open source project that does this, but that not to say ones doesn’t exist. > 3) license analysis Apache Rat is a simple tool that can help with this, if you want something more detailed try Fossology. Thanks, Justin - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
RE: What is the best tool to scan the code?
We would like to scan our code to: 1) dependency analysis 2) snippet matching 3) license analysis 4) binary analysis - optional We found one paid solution - black duck, not sure there is any open source solution on the market. Thanks, -xun -Original Message- From: Justin Mclean Sent: Wednesday, September 4, 2019 1:59 PM To: general@incubator.apache.org Subject: Re: What is the best tool to scan the code? HI, > We have one open source project, and I would like to find a tool to scan the > code before we open it. Sorry but it unclear to me, what you what to scan the code for. Thanks, Justin - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: What is the best tool to scan the code?
HI, > We have one open source project, and I would like to find a tool to scan the > code before we open it. Sorry but it unclear to me, what you what to scan the code for. Thanks, Justin - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: Is it safe to include valgrind.h?
Hi, It’s under a Category A license so would be safe to include, however that then gives you a dependancy on a Category X bit of software which is not normally allowed. Is valgrind needed by all users or is it optional? Thanks, Justin - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [DISCUSS] Graduate Apache Rya (incubating) as a TLP
I’ve been monitoring Rya for a few years now. The project seems to have a steady level of activity from diverse contributors, operating according to the Apache Way. +1 to graduate, good luck! Julian > On Sep 3, 2019, at 6:27 PM, Adina Crainiceanu wrote: > > Hi, > > 5 of the proposed PMC members are from Parsons, all others have different > affiliations (different from Parsons and different from each other). > Thanks, > Adina > > On Tue, Sep 3, 2019 at 6:50 PM Justin Mclean > wrote: > >> Hi, >> >> Just out of interest what is the diversity (in terms of company >> affiliation) of the proposed PMC like? >> >> Thanks, >> Justin >> - >> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >> For additional commands, e-mail: general-h...@incubator.apache.org >> >> > > -- > Dr. Adina Crainiceanu > Associate Professor > Computer Science Department > United States Naval Academy > 410-293-6822 > ad...@usna.edu > http://www.usna.edu/Users/cs/adina/ - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
What is the best tool to scan the code?
Hi, all, We have one open source project, and I would like to find a tool to scan the code before we open it. What is the best tool you can recommend to us? Best, -xun - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Is it safe to include valgrind.h?
Hi, guys, We have included one file named as valgrind.h under brpc’s source code. https://github.com/apache/incubator-brpc/blob/master/src/butil/third_party/valgrind/LICENSE https://github.com/apache/incubator-brpc/blob/master/src/butil/third_party/valgrind/valgrind.h According to its license statement, valgrind.h is released under BSD style license, Other part of valgrind is released under GPL v2. But we only include valgrind.h and its license file. And I also get its original version as https://github.com/svn2github/valgrind/blob/master/include/valgrind.h we will include both valgrind.h and its LICENSE in our next apache release. So it looks that it is safe for us to include valgrind.h and its License in brpc’s source tarball, right? Please help us to confirm, thanks - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org