Thanks Justin for your comprehensive review of the release artifacts and valuable comments. And thanks Steve for your comment that indicates the importance of getting provenance correct.
We are committed to getting the release package correct along with all the provenance issues. This is the first time we are releasing and were expecting some issues. A lot of time and effort has been spent getting your source package to work in the Apache infrastructure. We will look at the provenance issues you mentioned and figure out how best to address them. There are a few questions that we have based on the comments we received so far: 1. HP donated the Trafodion code to Apache several months ago. We have gone through all the legal steps to get the code donated. As part of this process we removed all the HP copyrights except for our test files and documentation. Do we have to remove all the Copyrights in order to release in Apache? Is including HP in the NOTICE/LICENSE file adequate? 2. A conscious decision was made to add the latest Apache license to files that have existing licenses. So now multiple licenses are showing up. Is this something we should not be doing? The original license came when the code was first used by the product. 3. We have followed the instructions detailed in [8] but it looks like we are missing a mention of this in our README file. We will add appropriate information as the rules apply, for example - " This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, ..." 4. We do have permission to use the photos in [13] [14]. Is there something we need to do to indicate this somewhere? 5. You mentioned that we may be too generous in excluding files for our RAT test. We did include in the RAT_README file an explanation of the exception and why. If there are specific explanations in RAT_README.txt that are not ok , we can look at each one on a case by case basis. We based RAT exceptions by looking at other apache products and as described http://apache.org/legal/src-headers.html#faq-exceptions: The RAT_README.txt file contains explanations on how we clearly cannot add copyright info to : • generated files • configuration files • testware expected files • source/testware that were downloaded from elsewhere that contain their own copyright info in the same directory. However, it looks like we missed adding some of the items in our LICENSE file. 6. Justin, can we get accessibility to some of the scripts you ran to check for these incompatibilities? This will give our next release a better chance of succeeding. Again, thanks for taking the time to provide this valuable feedback Regards, Roberta -----Original Message----- From: Justin Mclean [mailto:jus...@classsoftware.com] Sent: Wednesday, November 18, 2015 6:29 PM To: general@incubator.apache.org Subject: Re: [VOTE] Release Apache Trafodion (incubating) 1.3.0-incubating (RC4) Hi, Sorry -1 Due to license and copyright issues and possible crypto issue. I checked: - artefact contains incubating - signature and hashes good - DISCLAIMER exists - LICENSE is missing a couple of things/has a few issues - NOTICE is good but may be missing thing form other Apache bundled software - rat exclusions bay be a bit wide - no unexpected binaries in release - while most source file have Apache headers there are serval issues with copyright owners and multiple headers in files - didn’t compile as the build process looks rather difficult If OpenSSL is being bundled has this process been followed? [8] I’m not familiar with the process and it may not apply here. Can someone who more familiar with this please comment. LICENSE issues: - License implies that all BSD licensed software is "Copyright (c) 2008-2010, Allan Jardine” which is not the case. Each piece of licensed software will have it’s own owner. - missing MIT licensed Asciidoctor [1] - Jquery UI is MIT licensed not BSD [2] - missing MIT license MooTools Framework [3] - missing BSD style OpenSSL license [4] - missing MIT JavaScript InfoVis Toolkit license [5] - missing MIT JQuery license [6] - And while the code under [7] is MIT it's not copyright SpryMedia Ltd - missing license for CSS Document by Codify Design Studio [15] How is this file licensed? Also this file [9] is marked as copyright ASF but contains other possible copyright owners: <!--Arbortext, Inc., 1988-2014, v.4002—> <copyright><year>2015</year><holder>Hewlett-Packard Development Company, L.P.</holder></copyright> I also count 480+ incidences where copyright Hewlett-Packard in mentioned. There are also multiple files that are marked copyright Salesforce.com e.g. [10], copyright Open Software Foundation e.g. [11] There are also a large number of files that have double copyright headers e.g. [12]. And finally there is an assortment of years for Apache licensed software. As the project hasn’t been incubating for that long I assume we have some other bundled Apache software? If so this may effect NOTICE. For instance: * Copyright 2007 The Apache Software Foundation * Copyright 2008 The Apache Software Foundation * Copyright 2009 The Apache Software Foundation * Copyright 2010 The Apache Software Foundation * Copyright 2011 The Apache Software Foundation * Copyright 2015 The Apache Software Foundation There are two photographs [13][14] do you have permission from the original owners to use them? Thanks, Justin 1. /core/rest/src/main/asciidoc 2. /dcs/src/main/resources/dcs-webapps/master/jquery-ui/jquery-ui.js 3. /dcs/src/main/resources/dcs-webapps/master/js/lib/jit.js 4. /core/conn/security_dll/LICENSE 5. /dcs/src/main/resources/dcs-webapps/master/js/lib/jit.js 6. /dcs/src/main/resources/dcs-webapps/master/js/lib/jquery-1.11.0.js 7./incubator-trafodion/core/sql/qmscommon/expat 8. http://www.apache.org/dev/crypto.html 9. ./docs/sql_reference/source/Trafodion_SQL_Reference_Manual.xml 10. /tests/phx/src/test/java/org/trafodion/phoenix/end2end/AlterTableTest.java 11. /win-odbc64/sql/common/from_GB2312.c 12. /wms/src/main/java/org/trafodion/wms/util/RetryCounter.java 13. /core/sql/regress/executor/anoush.jpg 14./core/sql/regress/executor/deep.jpg 15. dcs/src/main/resources/dcs-webapps/master/css/stylesheet.css --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
