Hi, -1 (binding) As package names don’t include incubating, release includes non Category A licensed software, files incorrectly having Apache headers, unexpected binary file in release and unable to compile from source.
I checked: - package names do not contain “incubating” - PGP key is not published (but does match KEYS file) - signatures and hashes correct - LICENSE has a large number of issues (see below) - NOTICE is OK - unexpected binary file in release [22] - all source files have ASF headers - Unable to compile from source With most common permissive licenses you need to include the text of the license in full, while this doesn’t have to be in the LICENSE file it’s a good idea to do so or includes a pointer to the full text in the license. [1] Given the number of licenses it would also be a good idea (IMO) to use the the short form i.e. pointers to the license, see also [1]. This would include licenses for: - fontawesome - bootstrap - SortTable - jQuery UI - jMenu (a better URL would be https://libraries.io/github/alpixel/jMenu) - DataTables - Underscore License is missing license information for: - normalize.css (MIT license) inside [5] - Probably several things from the contents of this file? see the copyrights inside [3] - angular loading bar (MIT license) in here [4] - bootstrap vertical tabs (MIT license) also in [4] - cropper (MIT licensed) also in [4] - this file [5] - bootstrap progress bar also in [4] - WTFPL license code here [6] - MIT licensed handlebars [7] - BSD licensed pretty print [8] - this dual license (Apache/GPL) file [14] - Several font files [16][17][18][19][20][21] - files here [23] Given the large number of issues it likely I may of missed something. For instance I would double check all of the JS files bundled as some of them don’t seem to be mentioned in license i.e. modernizr [15] Other licensing issues: - I don’t believe CC by 2.5 licensed WebAppers Progress Bar would be allowed to be bundled in an Apache releases as the license is listed in Category B and can’t in included in source form. [2] - For the MaxMind DB GeoLite2 Database under CC share-alike license you would need to get approve from legal discuss [2] - Theses files may be under under the perl artistic license (not 100% sure) [9][10][11][12][13] which is not a Category A license. These files [6][8] incorrectly have ASF headers, there may be others. The source fails to compile with this error: [ERROR] Failed to execute goal on project traffic_router_core: Could not resolve dependencies for project com.comcast.cdn.traffic_control.traffic_router:traffic_router_core:war:1.8.0: Could not find artifact jdnssec:jdnssec-tools:jar:0.12 in cloudera (https://repository.cloudera.com/content/repositories/releases) -> [Help 1] Thanks, Justin 1. http://www.apache.org/dev/licensing-howto.html#permissive-deps 2. https://www.apache.org/legal/resolved#cc-sa 3. ./incubator-trafficcontrol/traffic_server/patches/trafficserver-5.3.2-f914e70.diff 4. ./incubator-trafficcontrol/traffic_portal/app/src/styles/main.scss 5. ./incubator-trafficcontrol/misc/traffic-control-cdn/css/bootstrap.min.css 6. ./incubator-trafficcontrol/traffic_ops/app/public/js/lz-string-1.3.3.js 7. ./incubator-trafficcontrol/traffic_ops/app/public/js/handlebars.js 8. ./incubator-trafficcontrol/traffic_ops/app/public/js/prettyprint.js 9. ./incubator-trafficcontrol/traffic_ops/install/lib/perl5/JSON/backportPP/Compat5005.pm 10. ./incubator-trafficcontrol/traffic_ops/install/lib/perl5/JSON/backportPP/Compat5006.pm 11. ./incubator-trafficcontrol/traffic_ops/install/lib/perl5/JSON/backportPP.pm 12. ./incubator-trafficcontrol/traffic_ops/install/lib/perl5/JSON/PP.pm 13 ./incubator-trafficcontrol/traffic_ops/install/lib/perl5/JSON.pm 14. ./incubator-trafficcontrol/traffic_ops/app/public/js/select2.js 15. ./docs/source/_themes/sphinx_rtd_theme/static/js/modernizr.min.js 16. ./incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/Inconsolata-Bold.ttf 17. /incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/Inconsolata.ttf 18. incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/Lato-Bold.ttf 19. incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/Lato-Regular.ttf 20. incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/RobotoSlab-Bold.ttf 21 incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/RobotoSlab-Regular.ttf 22. incubator-trafficcontrol/traffic_ops/install/bin/goose 23. incubator-trafficcontrol/infrastructure/test/ui/vendor/github.com/tebeka/ --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
