I was the one who suggested the use of the WIP disclaimer and I clearly misinterpreted its intention. Apologies for that, I am now much more educated around this area so thanks everyone for the constructive feedback.
I just opened a ticket to maven central (central-supp...@sonatype.com) to request an exceptional removal of all org.apache.xtable artifacts from the repository. I will let you know about the outcome once I have some news. The plan proposed by Jesus looks solid. From my end, I will perform a thorough license check for the next XTable release. Best, Stamatis On Fri, Sep 13, 2024 at 5:01 AM Jesus Camacho Rodriguez <jcama...@apache.org> wrote: > > Thank you all for the valuable feedback, and apologies for dropping > the ball on this. I should have been more diligent despite the WIP > disclaimer, I did not fully understand the implications. > > Since those artifacts have already been published to Maven Central and > cannot be removed, what would be the best way to proceed? > Here is a possible plan: 1) Exclude xtable-utilities module from the > release process as Ryan suggested (I'll start a discussion immediately on > the XTable dev list about this), 2) Release a new version as soon as > possible, addressing any possible additional license issues in other > modules, and 3) Make sure the licensing issue with the already released > artifacts is clearly communicated in the new version release notes, release > announcements on the mailing lists, and project website. > Does this approach sound reasonable? Other suggestions? > > Thanks, > Jesús > > > > On Thu, Sep 12, 2024 at 12:47 PM rdb...@gmail.com <rdb...@gmail.com> wrote: > > > Good point Justin about the importance of checking for problematic > > licenses. > > That fat jar is 600Mb and includes the kitchen sink in terms of classes. > > > > One set of classes is from OpenJDK JOL and this is GPL-2.0 licensed. > > > > This seems like a big problem to me, especially because the artifact has > > already been uploaded to maven central. Downstream users could accidentally > > include or distribute GPL code by using and redistributing Apache XTable. > > > > XTable may also need to be dual licensed because of 2.b) in the GPL-2.0 > > (the copyleft part): > > > > You must cause any work that you distribute or publish, that in whole or in > > part contains or is derived from the Program or any part thereof, to be > > licensed as a whole at no charge to all third parties *under the terms of > > this License*. > > > > My interpretation of the incubator disclaimer is not that we can make > > releases without attempting to produce license documentation -- that > > doesn't change the consequences of distributing GPL code. It means that we > > (the IPMC) have not fully checked and verified the license documentation. > > Given the risks to people using ASF software, I don’t think it is at all > > safe to make releases without due diligence here. > > > > Ryan > > > > On Thu, Sep 12, 2024 at 2:23 AM Justin Mclean <jus...@classsoftware.com> > > wrote: > > > > > Hi, > > > > > > > Thanks for sharing LEGAL-469 Justin. I have seen it at some point but > > > > as time passed I forgot its existence. > > > > > > > > The DISCLAIMER-WIP contains the following snippet: > > > > Some of the incubating project’s releases may not be fully compliant > > > > with ASF policy. For example, releases may have incomplete or > > > > un-reviewed licensing conditions. What follows is a list of issues the > > > > project is currently aware of (this list is likely to be incomplete): > > > > List of known issues goes here > > > > > > > > I didn't perform a thorough license check cause it was implied by the > > > > disclaimer that this rather OK for this type of release. If we need to > > > > check for all licenses involved then I don't see much point in having > > > > this WIP file. > > > > > > As the WIP disclaimer states, "List of known issues goes here”, so you > > > need to know (in general) what the issues are, particularly if they are > > > Category X related the users need to be aware of those. It doesn't need > > to > > > be perfect, as it's an incubating project, but you should still do a > > basic > > > check. > > > > > > Kind Regards, > > > Justin > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
