Hi tison, My previous reply is a little confusing. What the "we don't release furyjs in 0.5.0" means is that we don't upload release bundles to npm in this release.
Best, Chaokun Yang On Thu, Apr 25, 2024 at 5:36 PM tison <wander4...@gmail.com> wrote: > Let me first summarize the result of the feedback on LICENSE issues: > > > - there are several references to a benchmark directory, but it is not > included in the release > > This is correct. We made [10] to address it. And We're preparing a new > release candidate. > > [10] https://github.com/apache/incubator-fury/pull/1562 > > > - there seems to be 3rd part code from OpenSumi here [1][2][3][4] > > This is false positive. OpenSumi's release bundle contains the code from > Fury. The origin comes from Fury. > > > - there seems to be code from Ray here [5][6] > > This is false positive. Shawn owns the code and they are "Licensed to the > Apache Software Foundation (ASF) under one or more contributor license > agreements." > > > - this file may have been copied from somewhere [7] > > This is false positive. The content of ArrayAsList is shared above. I > suppose most Java developers would argue that it's a trivial class. Also, > there is no evidence to show other origins possibility. > > To Shawn, > > > We can cooperate with OpenSumi after we make the first formal release of > furyjs under ASF later. > > Although this can be a good way to go, I notice that in this RC the tarball > packages furyjs' code: > > 0.5.0-rc3/apache-fury-incubating-0.5.0-src/javascript > > I'd like to know the details about "we don't release furyjs in 0.5.0" > because you seem to release furyjs' sources in 0.5.0. > > Best, > tison. > > > Shawn Yang <shawn.ck.y...@gmail.com> 于2024年4月25日周四 17:16写道: > > > Hi tison, > > > > Thanks for the suggestion, we don't release furyjs in 0.5.0. > > > > We can cooperate with OpenSumi after we make the first formal release of > > furyjs > > under ASF later. > > > > Best, > > Chaokun > > > > On Thu, Apr 25, 2024 at 5:11 PM tison <wander4...@gmail.com> wrote: > > > > > Hi Shawn, > > > > > > Thanks for sharing the finding. I can see the dependency from OpenSumi > to > > > Fury as in [1] now. > > > > > > [1] https://github.com/search?q=repo:opensumi/core%20fury&type=code > > > > > > After we make the first formal release, we can cooperate with OpenSumi > to > > > upgrade to an incubating release and thus update the mention in their > > docs > > > to Apache Fury also, like [2][3]. > > > > > > [2] https://github.com/GreptimeTeam/greptimedb/pull/2653 > > > [3] https://github.com/GreptimeTeam/greptimedb/pull/3168 > > > > > > Best, > > > tison. > > > > > > > > > Shawn Yang <shawn.ck.y...@gmail.com> 于2024年4月25日周四 17:04写道: > > > > > > > Hi Justin, > > > > > > > > Thanks for sharing this tool. I checked the code in Fury with this > > tool. > > > > > > > > Here is the result: > > > > 1) [5][6] are osscan results. > > > > 2) Those files has duplication with package/lib/worker-host.js in > > > > opensumi[7] > > > > > > > > Opensumi relies on furyjs, so it packaged the code in apache fury > into > > > its > > > > release bundle. > > > > As you can see from the opensumi code repository[8]. There is no such > > > > worker-host.js file, > > > > It's a file generated at opensum build process, which packaged apache > > > > furyjs code into their bundle. > > > > > > > > So I think this is not an issue in fury. > > > > > > > > Do you have further issues? If not, I'll close this vote and start a > > new > > > > release candidate later. > > > > > > > > 1. /javascript/packages/fury/lib/gen/datetime.ts > > > > 2. /javascript/packages/fury/lib/gen/index.ts > > > > 3. /javascript/packages/fury/lib/fury.ts > > > > 4. /javascript/packages/fury/lib/classResolver.ts > > > > 5 > > > > > > > > > > > > > > https://github.com/apache/incubator-fury/assets/12445254/cfa0fb06-bf23-468d-bf76-f9b106467611 > > > > 6. > > > > > > > > > > > > > > https://github.com/apache/incubator-fury/assets/12445254/7698a87d-ffd9-4400-9a79-a2f27f191c1d > > > > 7. https://www.npmjs.com/package/%40opensumi/ide-extension > > > > 8. https://github.com/opensumi/core/ > > > > > > > > ---------- > > > > Best regards, > > > > Chaokun Yang > > > > > > > > On Thu, Apr 25, 2024 at 1:52 PM tison <wander4...@gmail.com> wrote: > > > > > > > > > Hi Justin, > > > > > > > > > > Thank you, and that's not in a hurry. I'd just like to make the > > status > > > > > clear and ensure we can make progress instead of subjective > arguing. > > > > > > > > > > Now I know you use ScanOSS and I'd suggest other members in Fury > try > > to > > > > > check the project with this tool. I'll try it out if I find some > > time, > > > > and > > > > > I'd appreciate it if you could share how you use this tool to do > > > > compliance > > > > > checks, it would help all the people in the Incubator :D > > > > > > > > > > ::OT:: IIRC ScanOSS CEO or CTO gave a talk at the Dev.Together Conf > > > weeks > > > > > before, now I found a real use case XD. > > > > > > > > > > Best, > > > > > tison. > > > > > > > > > > > > > > > Justin Mclean <jus...@classsoftware.com> 于2024年4月25日周四 13:40写道: > > > > > > > > > > > HI, > > > > > > > > > > > > I’m happy to share it, but as I said, I'm travelling right now > and > > > > don't > > > > > > have access. I used ScanOSS workbench, but there are other > checkers > > > out > > > > > > there. And yes, tools like this can sometimes give false > positives, > > > and > > > > > it > > > > > > can sometimes be unclear where things were originally copied or, > in > > > > fact, > > > > > > may have been copied themselves. > > > > > > > > > > > > Kind Regards, > > > > > > Justin > > > > > > > > --------------------------------------------------------------------- > > > > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > > > > For additional commands, e-mail: > general-h...@incubator.apache.org > > > > > > > > > > > > > > > > > > > > > > > > > > >
