hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Busbey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12893) Verify LICENSE.txt and NOTICE.txt
Date Fri, 13 May 2016 23:42:13 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15283312#comment-15283312
] 

Sean Busbey commented on HADOOP-12893:
--------------------------------------

{quote}
My understanding is LICENSE / NOTICE of binary distribution should be a superset of source
distribution. Is it good enough to have a separate binary-distribution-only LICENSE / NOTICE
file and we can concat binary-distribution-only and source-distribution L/N while releasing?
{quote}

This is not necessarily true, though I haven't done a sufficient review to say if it is for
Hadoop or not. As an example, one could have some third party code bundled in the test sources
and produce a binary distribution tarball with no test files in it. Similarly, if the main
classes include some third party work but the tests do not, then the main jar and the test
jar would be different. (which would matter if the test jar is published to maven.)

{quote}
In the L&N we say whether something applies to the binary or the source
distribution. I saw this elsewhere, and it really reduces the POM work
required.
{quote}

I've seen this a few places, but unfortunately it's incorrect. I've been slowly working through
projects to help correct them, but it's a long slog.

{quote}
I'd like to appeal to a reasonable person standard. We're making a big
effort here to be compliant, and if we do the above, it'll be clear what
does and doesn't apply to each artifact. In the meanwhile, our releases are
blocked.

If additional work really is required, maybe it could also be done as a
follow-on.
{quote}

That's entirely up to the Hadoop PMC. I can certainly understand the reasoning of an incremental
approach that starts with getting us out of violating the licenses of third parties and works
towards compliance with ASF Policy.

I would be concerned if "follow-on" turned into "next release" perpetually; having releases
blocked provides a kind of motivation that little else can. We need to end up in a place where
everything we distribute meets ASF Policy, but folks generally understand that this can take
some time.

Keep in mind that release voting is majority, so it might be worth a straw poll of how the
PMC would vote if a given release met the requirements for third party licenses but did not
yet meet ASF policy on license notifications.

> Verify LICENSE.txt and NOTICE.txt
> ---------------------------------
>
>                 Key: HADOOP-12893
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12893
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.8.0, 2.7.3, 2.6.5, 3.0.0-alpha1
>            Reporter: Allen Wittenauer
>            Assignee: Xiao Chen
>            Priority: Blocker
>         Attachments: HADOOP-12893.01.patch
>
>
> We have many bundled dependencies in both the source and the binary artifacts that are
not in LICENSE.txt and NOTICE.txt.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message