I think that this MPL issue is a transitive one from HttpClient, which we depend on. The direct dependencies of this project are fairly minimal, if mvn dependency:tree is to be believed:
org.apache.asterix:asterix-jdbc-driver:jar:0.9.9-SNAPSHOT +- org.apache.asterix:asterix-jdbc-core:jar:0.9.9-SNAPSHOT:compile | \- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.2:compile +- com.fasterxml.jackson.core:jackson-core:jar:2.13.2:compile +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.2.2:compile +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile | +- commons-logging:commons-logging:jar:1.2:compile | \- commons-codec:commons-codec:jar:1.11:compile \- org.apache.httpcomponents:httpcore:jar:4.4.14:compile The httpclient issue is here: https://issues.apache.org/jira/browse/HTTPCLIENT-2317 The NOTICE should be updated though. I think we're just used to the pom in the other repos that automatically handles this for us. On Apr 1, 2024 at 12:47:40, Michael Blow <mblow.apa...@gmail.com> wrote: > [ X ] 0 No strong feeling either way > > The source distribution has an outdated Copyright notice: > > $ cat apache-asterixdb-jdbc-0.9.8.3/NOTICE > > Apache AsterixDB JDBC Driver > > Copyright 2021-2022 The Apache Software Foundation > > ... > > The driver binary distribution includes an MPL 2.0-licensed file which is > not disclosed in its LICENSE and/or NOTICE: > > $ head asterix-jdbc-driver-0.9.8.3-dist/mozilla/public-suffix-list.txt > > // This Source Code Form is subject to the terms of the Mozilla Public > > // License, v. 2.0. If a copy of the MPL was not distributed with this > > // file, You can obtain one at > https://urldefense.com/v3/__https://mozilla.org/MPL/2.0/__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAb8OxJYc$ > . > > > // Please pull this list from, and only from > > https://urldefense.com/v3/__https://publicsuffix.org/list/public_suffix_list.dat__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAekspbQM$ > , > > // rather than any other VCS sites. Pulling from any other URL is not > guaranteed to be supported. > > > // Instructions on pulling and using this list can be found at > > https://urldefense.com/v3/__https://publicsuffix.org/list/__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAbRAJFz3$ > . > > > // ===BEGIN ICANN DOMAINS=== > > ... > > > > > On Mon, Apr 1, 2024 at 3:17 PM Ian Maxon <ima...@apache.org> wrote: > > Hi everyone, > > > Please verify and vote on the latest release of the AsterixDB JDBC > > connector. > > > This release includes compatibility with the new Database keyword and > > level. > > > The change that produced this release is up on Gerrit: > > > https://asterix-gerrit.ics.uci.edu/c/asterixdb-clients/+/18217 > > > The release artifacts are as follows: > > > JDBC Driver Source > > > > https://urldefense.com/v3/__https://dist.apache.org/repos/dist/dev/asterixdb/apache-asterixdb-jdbc-0.9.8.3-source-release.zip__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXARXrwZTi$ > > > > https://urldefense.com/v3/__https://dist.apache.org/repos/dist/dev/asterixdb/apache-asterixdb-jdbc-0.9.8.3-source-release.zip.asc__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAbuAuAAt$ > > > > https://urldefense.com/v3/__https://dist.apache.org/repos/dist/dev/asterixdb/apache-asterixdb-jdbc-0.9.8.3-source-release.zip.sha512__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAXxEnAz1$ > > > SHA512: > > > f4796248273ce61b8268cc232b066ca8c64c96eea9586af04e89c12dbc614e0d5a6e84b212e053c0f34340513684a8c02f3d45386f2410f05f7a8956dcd3787b > > > JDBC Driver Distributable Jar > > > > https://urldefense.com/v3/__https://dist.apache.org/repos/dist/dev/asterixdb/asterix-jdbc-driver-0.9.8.3-dist.jar__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAbeI7L3z$ > > > > https://urldefense.com/v3/__https://dist.apache.org/repos/dist/dev/asterixdb/asterix-jdbc-driver-0.9.8.3-dist.jar.asc__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAbz6EMRn$ > > > > https://urldefense.com/v3/__https://dist.apache.org/repos/dist/dev/asterixdb/asterix-jdbc-driver-0.9.8.3-dist.jar.sha512__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAQ2U2ydI$ > > > SHA512: > > > a0f2cbbd25429a1c95f33c8bbb54911113b51cfbbbbb8270cd246f26da4acc9ec3fcfbc8e72173e3364468c07ef3b3e7b95c11f548cb8e483b9e5c94cbdb61b8 > > > Tableau Connector (TACO file) > > > https://urldefense.com/v3/__https://dist.apache.org/repos/dist/dev/asterixdb/asterixdb_jdbc.taco__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAeE-oBT2$ > > > https://urldefense.com/v3/__https://dist.apache.org/repos/dist/dev/asterixdb/asterixdb_jdbc.taco.asc__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAW__nRRU$ > > > https://urldefense.com/v3/__https://dist.apache.org/repos/dist/dev/asterixdb/asterixdb_jdbc.taco.sha512__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAVSPWWk0$ > > > SHA512: > > > d3ebd0ec439efe71dbfab79eb41adc7548c44f16576640dbbd264aa86b379cd350aa18632cf5be48d2c6b9513f4581f762986d0c8282713f8d512e2c0aceb5ad > > > > The KEYS file containing the PGP keys used to sign the release can be > > found at > > > > https://urldefense.com/v3/__https://dist.apache.org/repos/dist/release/asterixdb/KEYS__;!!CzAuKJ42GuquVTTmVmPViYEvSg!OA625G-YJtyCEHDQzGKWSLmbxorVdtbLKp-JReHjJEl3xAlHvdecwZ0ImZxmsT8U8T3YiWY6XDgXAVbPqnI_$ > > > RAT was executed as part of Maven via the RAT maven plugin, but > > excludes files that are: > > > - data for tests > > - procedurally generated, > > - or source files which come without a header mentioning their license, > > but have an explicit reference in the LICENSE file. > > > > The vote is open for 72 hours, or until the necessary number of votes > > (3 +1) has been reached. > > > Please vote > > [ ] +1 release these packages as Apache AsterixDB JDBC Driver 0.9.8.3 > > [ ] 0 No strong feeling either way > > [ ] -1 do not release one or both packages because ... > > > Thanks! > > >
