Hi Just to clarify: I said that we don't need to document ASF dependencies in the NOTICE because it's already covered by:
" This product includes software developed at The Apache Software Foundation (http://www.apache.org/). " However, we have to mention NOTICE for Apache (non ASF) dependencies. I'm verifying the release right now. Regards JB On Sat, Mar 21, 2026 at 5:38 AM Ajantha Bhat <[email protected]> wrote: > Hi Dmitri, > Thanks for the verification. > > The snappy-java NOTICE file is not a standard Apache NOTICE — it's a > general informational file. The key question per Apache policy (Section > 4(d) of Apache License 2.0) is whether this > NOTICE contains required legal attributions that must be propagated. > > > > > Looking at the content: > > > - Google Snappy — BSD licensed, attribution is informational, not legally > required by BSD - > PureJavaCrc32C from Hadoop — Apache 2.0, but Hadoop's own NOTICE would be > the authoritative one - GCC Runtime Library > Exception — informational about static linking > - > Contributors — not legally required > > - Hadoop reference — just a pointer > > > > > > Comparing with how JB structured the existing BUNDLE-NOTICE in PR #36 > <https://github.com/apache/polaris-tools/pull/36> — he specifically said > in > his commit: "Don't mention all Apache dependencies (already covered with > the 'This > product includes software' statement)" and "Clean NOTICE (including only > relevant information) and only for Apache licensed dependencies". > > > > Snappy-java's NOTICE doesn't contain > any copyright notices or required attributions that aren't already covered. > It's mostly informational. > > I will wait for JB's reply on this. And we can reconsider the vote based on > that. > > - Ajantha > > On Fri, Mar 20, 2026 at 9:05 PM Dmitri Bourlatchkov <[email protected]> > wrote: > > > Hi All, > > > > I checked: > > * checksum - OK > > * signature - OK > > * local build from source (incl. rat check) - OK > > > > However, I see that the fat jar includes Snappy, but the NOTICE file > inside > > the fat jar does not appear to include Snappy's NOTICE [1] > > > > Is that a concern? > > > > Voting +0 for now. > > > > [1] https://github.com/xerial/snappy-java/blob/main/NOTICE > > > > Cheers, > > Dmitri. > > > > On Mon, Mar 16, 2026 at 3:24 AM Ajantha Bhat <[email protected]> > > wrote: > > > > > Hi everyone, > > > > > > I propose that we release the following RC as the official > > > Apache Polaris Iceberg catalog migrator 1.0.0 release. > > > > > > * This corresponds to the tag: > > > apache-polaris-iceberg-catalog-migrator-1.0.0-rc3 > > > * > > > > > > > > > https://github.com/apache/polaris-tools/commits/apache-polaris-iceberg-catalog-migrator-1.0.0-rc3/ > > > * > > > > > > > > > https://github.com/apache/polaris-tools/tree/5fd6eed5e63deb655422839a6f1041f3df09a95e > > > > > > The release tarball, signature, and checksums are here: > > > * > > > > > > > > > https://dist.apache.org/repos/dist/dev/polaris/apache-polaris-iceberg-catalog-migrator/1.0.0/ > > > > > > You can find the KEYS file here: > > > * https://downloads.apache.org/polaris/KEYS > > > > > > Convenience binary artifacts are staged on Nexus. The Maven > repositories > > > URLs are: > > > * > > > > > > https://repository.apache.org/content/repositories/orgapachepolaris-1058/ > > > > > > Please download, verify, and test. > > > > > > Please vote in the next 72 hours. > > > > > > [ ] +1 Release this as Apache Polaris Iceberg catalog migrator 1.0.0 > > > [ ] +0 > > > [ ] -1 Do not release this because... > > > > > > Only PMC members have binding votes, but other community > > > members are encouraged to cast non-binding votes. This vote will pass > if > > > there are > > > 3 binding +1 votes and more binding +1 votes than -1 votes. > > > > > > - Ajantha > > > > > >
