Hi all, As part of the recent PAX feature work, several new Git submodules have been introduced into the Apache Cloudberry (Incubating) repository. After reviewing these additions, I noticed two important issues that should be addressed before finalizing the v2.0.0 release:
1. Submodule Pinning - Several submodules are currently pulling from `main` or an active branch (`v1.15.x`), rather than being pinned to a specific commit SHA. - This could lead to non-reproducible builds over time, as upstream changes may alter the submodule contents unexpectedly. - To ensure reproducibility and long-term stability, the submodules should be updated to point to specific SHAs. 2. License Management - Each submodule introduces third-party code, and the corresponding license files need to be collected. - The license texts should be added to the `licenses/` directory, and the top-level `LICENSE` file updated to reference each included dependency and its license type. Submodules involved: - `gpcontrib/gpcloud/test/googletest` - `contrib/pax_storage/src/cpp/contrib/googletest` - `contrib/pax_storage/src/cpp/contrib/tabulate` - `contrib/pax_storage/src/cpp/contrib/googlebench` - `contrib/pax_storage/src/cpp/contrib/cpp-stub` - `dependency/yyjson` Call for Volunteer: Would someone be willing to volunteer to investigate and address these two items? Taking care of this now will help us avoid potential issues during the v2.0.0 release process. Please reply here if you are able to help. I am happy to assist or help review any proposed updates. Thanks in advance, -=e -- Ed Espino Apache Cloudberry (Incubating) & MADlib
