Re: [VOTE] Release Apache ResilientDB, Incubating, v1.10.0-RC1
On Sat, May 4, 2024 at 8:50 PM Junchao Chen wrote: > hi Justin, > > I have removed all the related code from the source files, and there are no > GPL dependencies there. > Those dependencies are an optional setting in our project, it is not > necessary. > Just to put it out there - I think the license listing for RocksDB is wrong. It's a dual licensed piece of software (GPLv2 + Apache License V2). Similar for zstd, it's a dual license BSD-3 and GPLv2. So I suspect the real issue is that you mislabeled it as GPLv2 but you actually wanted to label them under the permissive license we can use. And keep in mind, your source license file should represent the contents of your source release. If you bring in dependencies when building, you should reference those separately, likely under a binary release. Just wondering, but who are your mentors? What was their feedback on the release? They should be able to help you sort this out. > > Thanks, > junchao > > On Sat, May 4, 2024 at 5:36 PM Justin Mclean > wrote: > > > HI, > > > > > Thanks for letting me know. > > > I have removed those dependencies. > > > > What goes in the license file is any 3rd party licenses that are included > > in the source release, not those that are dependencies. But unless it is > > optional, you also can’t have any GPL dependencies. > > > > Kind Regards, > > Justin > > - > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > >
Re: [VOTE] Release Apache ResilientDB, Incubating, v1.10.0-RC1
hi Justin, I have removed all the related code from the source files, and there are no GPL dependencies there. Those dependencies are an optional setting in our project, it is not necessary. Thanks, junchao On Sat, May 4, 2024 at 5:36 PM Justin Mclean wrote: > HI, > > > Thanks for letting me know. > > I have removed those dependencies. > > What goes in the license file is any 3rd party licenses that are included > in the source release, not those that are dependencies. But unless it is > optional, you also can’t have any GPL dependencies. > > Kind Regards, > Justin > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
Re: [VOTE] Release Apache ResilientDB, Incubating, v1.10.0-RC1
HI, > Thanks for letting me know. > I have removed those dependencies. What goes in the license file is any 3rd party licenses that are included in the source release, not those that are dependencies. But unless it is optional, you also can’t have any GPL dependencies. Kind Regards, Justin - To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
Re: [VOTE] Release Apache ResilientDB, Incubating, v1.10.0-RC1
The list of 'public domain' software in the resilientdb LICENSE [1] seems incorrect. * protobuf is not public domain - see its license [2] * snappy is not public domain - see its license [3] * zlib has a customised license that we should reproduce [4] * this is just some of the issues, I haven't looked at every link [1] https://github.com/apache/incubator-resilientdb/blob/master/LICENSE [2] https://github.com/protocolbuffers/protobuf/blob/main/LICENSE [3] https://github.com/google/snappy?tab=License-1-ov-file#readme [4] https://github.com/madler/zlib On Sun, 5 May 2024 at 00:41, Justin Mclean wrote: > HI, > > I assume you mean [1] I’ve not looked at it in detail, but I note you > include GPL licensed code. GPL-licensed code is Category X and can’t be > used in an ASF project. > > Kind Regards, > Justin > > > 1. https://github.com/apache/incubator-resilientdb/blob/master/LICENSE
Re: [VOTE] Release Apache ResilientDB, Incubating, v1.10.0-RC1
Hi Justin, Thanks for letting me know. I have removed those dependencies. https://github.com/apache/incubator-resilientdb/blob/v1.10.0-rc01/LICENSE Thanks, Junchao On Sat, May 4, 2024 at 4:41 PM Justin Mclean wrote: > HI, > > I assume you mean [1] I’ve not looked at it in detail, but I note you > include GPL licensed code. GPL-licensed code is Category X and can’t be > used in an ASF project. > > Kind Regards, > Justin > > > 1. https://github.com/apache/incubator-resilientdb/blob/master/LICENSE
Re: [VOTE] Release Apache ResilientDB, Incubating, v1.10.0-RC1
HI, I assume you mean [1] I’ve not looked at it in detail, but I note you include GPL licensed code. GPL-licensed code is Category X and can’t be used in an ASF project. Kind Regards, Justin 1. https://github.com/apache/incubator-resilientdb/blob/master/LICENSE
Re: [VOTE] Release Apache ResilientDB, Incubating, v1.10.0-RC1
Hi Justin, It is very grateful for your help with the review and the suggestions. I have addressed the license issues, added the URL in the NOTICE file, and mentioned the 3rd code in LICENSE. Could you please take a look again? Thanks, Junchao On Fri, May 3, 2024 at 5:51 PM Justin Mclean wrote: > Hi, > > It’s -1 (binding) from me. I think you should use Apache Rat to check the > release. > > I checked: > - incubating in artifact name > - signatures and hashes are correct > - DISCLAIMER exists > - LICENSE is missing mention of 3rd party code included in the release > - NOTICE doesn't include correct text (missing URL) > - Files are missing ASF headers > - no unexpected binary files > - I did not try to compile from the source > > Files missing headers - you need to work out if these are 3rd party files > or not. > ./INSTALL.sh > > ./INSTALL_MAC.sh./entrypoint.sh./script.js./platform/consensus/ordering/common/algorithm/protocol_base.cpp./platform/consensus/ordering/common/algorithm/protocol_base.h./platform/consensus/ordering/poe/algorithm/poe.cpp./platform/consensus/ordering/poe/algorithm/poe.h./platform/statistic/test_server.sh./scripts/format.sh > ./scripts/deploy/performance/pbft_performance.sh > ./scripts/deploy/performance/poe_performance.sh > ./scripts/deploy/performance/run_performance.sh > ./scripts/deploy/script/deploy.sh > ./scripts/deploy/script/env.sh > ./scripts/deploy/script/generate_config.sh > ./scripts/deploy/script/generate_key.sh > > ./scripts/deploy/script/load_config.sh./service/tools/contract/api_tools/example_contract/compile.sh./service/tools/contract/service_tools/start_contract_service.sh > > ./service/tools/kv/server_tools/start_kv_service.sh./service/tools/kv/server_tools/start_kv_service_monitoring.sh./service/tools/utxo/service_tools/start_utxo_service.sh./service/utxo/start_contract_server.sh > ./tools/generate_certificate.sh > ./tools/generate_client.sh > ./tools/generate_cluster.sh > ./tools/generate_key.sh > > 3rd party files that need to be mentioned in LICENSE: > ./benchmark/protocols/poe/kv_server_performance.cpp > ./common/crypto/hash.cpp > ./common/crypto/hash.h > ./common/crypto/hash_test.cpp > ./common/crypto/key_generator.cpp > ./common/crypto/key_generator.h > ./common/crypto/mock_signature_verifier.h > ./common/crypto/signature_utils.cpp > ./common/crypto/signature_utils.h > ./common/crypto/signature_verifier.cpp > ./common/crypto/signature_verifier.h > ./common/crypto/signature_verifier_interface.cpp > ./common/crypto/signature_verifier_interface.h > ./common/crypto/signature_verifier_test.cpp > ./common/test/json_test.cpp > ./common/test/test_macros.h > ./common/utils/utils.cpp > ./common/utils/utils.h > ./node_modules/fs.realpath/old.js > ./platform/consensus/ordering/common/framework/consensus.cpp > ./platform/consensus/ordering/common/framework/consensus.h > ./platform/consensus/ordering/common/framework/performance_manager.cpp > ./platform/consensus/ordering/common/framework/performance_manager.h > ./platform/consensus/ordering/common/framework/response_manager.cpp > ./platform/consensus/ordering/common/framework/response_manager.h > ./platform/consensus/ordering/common/framework/transaction_utils.cpp > ./platform/consensus/ordering/common/framework/transaction_utils.h > ./platform/consensus/ordering/poe/framework/consensus.cpp > ./platform/consensus/ordering/poe/framework/consensus.h > ./platform/consensus/ordering/poe/framework/consensus_test.cpp > ./service/tools/utxo/wallet_tool/cpp/addr_utils.cpp > ./service/tools/utxo/wallet_tool/cpp/addr_utils.h > ./service/tools/utxo/wallet_tool/cpp/key_utils.cpp > ./service/tools/utxo/wallet_tool/cpp/key_utils.h > > ./service/tools/utxo/wallet_tool/pybind/wallet_tools_py.cpp./node_modules/lodash.union/index.js./node_modules/lodash.difference/index.js./node_modules/brace-expansion/index.js./node_modules/ignore/index.js./node_modules/once/once.js./node_modules/inherits/inherits.js > ...and many other files in node_modules > > Kind Regards, > Justin > > > > > > > > - > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >