Thanks for the feedback, Justin.. We are working on rectifying these issues, but want clarification on a couple.
On 2016-12-29 17:58 (-0700), Justin Mclean <jus...@classsoftware.com> wrote: > Hi, > > -1 (binding) As package names donât include incubating, release includes > non Category A licensed software, files incorrectly having Apache headers, > unexpected binary file in release and unable to compile from source. > > I checked: > - package names do not contain âincubatingâ is this referring to the tar ball having the name "incubator-trafficcontrol" and just changing that to "incubating-..." would suffice? > - PGP key is not published (but does match KEYS file) I think my PGP key is published -- here: http://pgp.mit.edu/pks/lookup?search=dangogh%40apache.org&op=index Should it be published elsewhere? > - signatures and hashes correct > - LICENSE has a large number of issues (see below) > - NOTICE is OK > - unexpected binary file in release [22] > - all source files have ASF headers > - Unable to compile from source > > With most common permissive licenses you need to include the text of the > license in full, while this doesnât have to be in the LICENSE file itâs a > good idea to do so or includes a pointer to the full text in the license. [1] > > Given the number of licenses it would also be a good idea (IMO) to use the > the short form i.e. pointers to the license, see also [1]. > > This would include licenses for: > - fontawesome > - bootstrap > - SortTable > - jQuery UI > - jMenu (a better URL would be https://libraries.io/github/alpixel/jMenu) Unfortunately, that page also has links to the missing github repo. We are planning to remove or replace this for the next release. > - DataTables > - Underscore > > License is missing license information for: > - normalize.css (MIT license) inside [5] > - Probably several things from the contents of this file? see the copyrights > inside [3] > - angular loading bar (MIT license) in here [4] > - bootstrap vertical tabs (MIT license) also in [4] > - cropper (MIT licensed) also in [4] > - this file [5] > - bootstrap progress bar also in [4] > - WTFPL license code here [6] > - MIT licensed handlebars [7] > - BSD licensed pretty print [8] > - this dual license (Apache/GPL) file [14] > - Several font files [16][17][18][19][20][21] > - files here [23] > > Given the large number of issues it likely I may of missed something. For > instance I would double check all of the JS files bundled as some of them > donât seem to be mentioned in license i.e. modernizr [15] > > Other licensing issues: > - I donât believe CC by 2.5 licensed WebAppers Progress Bar would be > allowed to be bundled in an Apache releases as the license is listed in > Category B and canât in included in source form. [2] > - For the MaxMind DB GeoLite2 Database under CC share-alike license you would > need to get approve from legal discuss [2] > - Theses files may be under under the perl artistic license (not 100% sure) > [9][10][11][12][13] which is not a Category A license. > > These files [6][8] incorrectly have ASF headers, there may be others. > > The source fails to compile with this error: > [ERROR] Failed to execute goal on project traffic_router_core: Could not > resolve dependencies for project > com.comcast.cdn.traffic_control.traffic_router:traffic_router_core:war:1.8.0: > Could not find artifact jdnssec:jdnssec-tools:jar:0.12 in cloudera > (https://repository.cloudera.com/content/repositories/releases) -> [Help 1] > > Thanks, > Justin > > 1. http://www.apache.org/dev/licensing-howto.html#permissive-deps > 2. https://www.apache.org/legal/resolved#cc-sa > 3. > ./incubator-trafficcontrol/traffic_server/patches/trafficserver-5.3.2-f914e70.diff > 4. ./incubator-trafficcontrol/traffic_portal/app/src/styles/main.scss > 5. ./incubator-trafficcontrol/misc/traffic-control-cdn/css/bootstrap.min.css > 6. ./incubator-trafficcontrol/traffic_ops/app/public/js/lz-string-1.3.3.js > 7. ./incubator-trafficcontrol/traffic_ops/app/public/js/handlebars.js > 8. ./incubator-trafficcontrol/traffic_ops/app/public/js/prettyprint.js > 9. > ./incubator-trafficcontrol/traffic_ops/install/lib/perl5/JSON/backportPP/Compat5005.pm > 10. > ./incubator-trafficcontrol/traffic_ops/install/lib/perl5/JSON/backportPP/Compat5006.pm > 11. > ./incubator-trafficcontrol/traffic_ops/install/lib/perl5/JSON/backportPP.pm > 12. ./incubator-trafficcontrol/traffic_ops/install/lib/perl5/JSON/PP.pm > 13 ./incubator-trafficcontrol/traffic_ops/install/lib/perl5/JSON.pm > 14. ./incubator-trafficcontrol/traffic_ops/app/public/js/select2.js > 15. ./docs/source/_themes/sphinx_rtd_theme/static/js/modernizr.min.js > 16. > ./incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/Inconsolata-Bold.ttf > 17. > /incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/Inconsolata.ttf > 18. > incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/Lato-Bold.ttf > 19. > incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/Lato-Regular.ttf > 20. > incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/RobotoSlab-Bold.ttf > 21 > incubator-trafficcontrol/docs/source/_themes/sphinx_rtd_theme/static/fonts/RobotoSlab-Regular.ttf > 22. incubator-trafficcontrol/traffic_ops/install/bin/goose > 23. incubator-trafficcontrol/infrastructure/test/ui/vendor/github.com/tebeka/ > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > We have sent an email to legal regarding the CC-SA licenses. For the remaining issues, a new RC6 will be available in the next couple of days. -Dan --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
