Hi all,

As part of the recent PAX feature work, several new Git submodules have
been introduced into the Apache Cloudberry (Incubating) repository. After
reviewing these additions, I noticed two important issues that should be
addressed before finalizing the v2.0.0 release:

1. Submodule Pinning
   - Several submodules are currently pulling from `main` or an active
branch (`v1.15.x`), rather than being pinned to a specific commit SHA.
   - This could lead to non-reproducible builds over time, as upstream
changes may alter the submodule contents unexpectedly.
   - To ensure reproducibility and long-term stability, the submodules
should be updated to point to specific SHAs.

2. License Management
   - Each submodule introduces third-party code, and the corresponding
license files need to be collected.
   - The license texts should be added to the `licenses/` directory, and
the top-level `LICENSE` file updated to reference each included dependency
and its license type.

Submodules involved:
- `gpcontrib/gpcloud/test/googletest`
- `contrib/pax_storage/src/cpp/contrib/googletest`
- `contrib/pax_storage/src/cpp/contrib/tabulate`
- `contrib/pax_storage/src/cpp/contrib/googlebench`
- `contrib/pax_storage/src/cpp/contrib/cpp-stub`
- `dependency/yyjson`

Call for Volunteer:
Would someone be willing to volunteer to investigate and address these two
items?
Taking care of this now will help us avoid potential issues during the
v2.0.0 release process.

Please reply here if you are able to help. I am happy to assist or help
review any proposed updates.

Thanks in advance,
-=e

-- 
Ed Espino
Apache Cloudberry (Incubating) & MADlib

Reply via email to