Il mer 6 dic 2017, 22:15 Sijie Guo <guosi...@gmail.com> ha scritto: > After checking how the other ASF projects shipping NOTICE and LICENSE files > in the package, > > Examples: > > Flink: https://github.com/apache/flink/blob/master/NOTICE > https://github.com/apache/flink/blob/master/LICENSE > Kafka: https://github.com/apache/kafka/blob/trunk/NOTICE > https://github.com/apache/kafka/blob/trunk/LICENSE > DL: https://github.com/apache/distributedlog/blob/master/NOTICE > > and reading through all the ASF documents, > > 1. http://www.apache.org/legal/src-headers.html#notice > 2. http://apache.org/legal/resolved.html#required-third-party-notices
This part is interesting: It is important to keep NOTICE as brief and simple as possible, as each addition places a burden on downstream consumers. Do not add anything to NOTICE which is not legally required. > > 3. http://www.apache.org/dev/licensing-howto.html#mod-notice > > > I am proposing: > > a) remove the dependencies in the NOTICE and LICENSE, to make things easier > to manage. It is sufficient to keep NOTICE as simple as possible and > listing only need-to-callout licenses in LICENSE file. > b) We don't need a separate NOTICE/LICENSE file for binary package, it > should be same for both src and binary distribution. > > Sent a PR for this proposed change: > https://github.com/apache/bookkeeper/pull/820 Will take a look. As I wrote on slack I will try to send an example of using the license plugin to check automatically licenses of dependencies and create a list. This will make it easier to check that we don't check in forbidden licenses +1 to your proposal (non binding) Enrico > > > - Sijie > > > On Wed, Dec 6, 2017 at 9:46 AM, Ivan Kelly <iv...@apache.org> wrote: > > > Probably not. Findbugs isn't needed for sure. Some others look like code > > generation. The binary packages need separate notices though, as they > > schools only contain what they're legally obliged to. > > > > On Wed 6 Dec 2017, 18:10 Sijie Guo <guosi...@gmail.com> wrote: > > > > > I did the original notice file update, I will update. Some of these > > > dependencies might not be needed actually. > > > > > > - Sijie > > > > > > On Wed, Dec 6, 2017 at 8:43 AM, Ivan Kelly <iv...@apache.org> wrote: > > > > > > > -1 from me unfortunately. > > > > > > > > There are a lot of files in lib/ the bookkeeper-all which aren't > > > > covered in the notice: > > > > com.google.code.findbugs-jsr305-3.0.2.jar > > > > com.google.errorprone-error_prone_annotations-2.1.2.jar > > > > com.twitter-jsr166e-1.0.0.jar > > > > com.twitter-libthrift-0.5.0-7.jar > > > > com.twitter-libthrift-0.5.0-7.jar > > > > com.twitter-scrooge-core_2.11-4.16.0.jar > > > > com.twitter-twitter-server_2.11-1.29.0.jar > > > > javax.inject-javax.inject-1.jar > > > > javax.servlet-javax.servlet-api-3.1.0.jar > > > > > > > > Bookkeeper-server notice doesn't cover: > > > > com.google.code.findbugs-jsr305-3.0.2.jar > > > > com.google.errorprone-error_prone_annotations-2.1.2.jar > > > > javax.servlet-javax.servlet-api-3.1.0.jar > > > > > > > > Don't use the lists above as a basis to fix though. Whoever is > > > > updating should doublecheck that the NOTICE files cover everything in > > > > lib. We're going to need a different NOTICE for bookkeeper-server and > > > > bookkeeper-all also. It's probably worth getting maven to try and > > > > generate these files for us. > > > > > > > > > > Otherwise everything looks good. > > > > 1. checksums and signature checked out > > > > 2. findbugs, rat, and tests ran cleanly > > > > 3. Jepsen tests passed > > > > > > > > The other thing that's needed for the next RC is that the breaks in > > > > the API (around thrown exceptions), need to be noted clearly and > > > > loudly in the release notes. > > > > > > > > Best regards, > > > > Ivan > > > > > > > > > > > > > > > > On Wed, Dec 6, 2017 at 4:54 AM, Jia Zhai <zhaiji...@gmail.com> > wrote: > > > > > Thanks a lot Enrico for the verification, especially for the notes. > > > Would > > > > > you please also help open some issues on github to track your > > findings > > > > and > > > > > suggestions? > > > > > > > > > > On Tue, Dec 5, 2017 at 10:54 PM, Enrico Olivelli < > > eolive...@gmail.com> > > > > > wrote: > > > > > > > > > >> +1 (non binding) > > > > >> looks good to me > > > > >> > > > > >> - Built and tested candidate source tar ball > > > > >> - Run Bookie and basic Bookie shel commands from the "dist all" > > > package > > > > >> - Checked tag on GitHub > > > > >> - All tests are passing on my downstream projects (some of them > need > > > > >> re-compiling or minor changes) > > > > >> > > > > >> Thank you Jia for driving this and to every body, I expect great > > > > >> improvements in production > > > > >> > > > > >> Notes: > > > > >> > > > > >> 1) There is a failing test on my dev machine, even on master. I > > think > > > > this > > > > >> is not blocker for the release. It must be some problem on my > > machine: > > > > >> > > > > >> testWithDiskFullAndAbilityToCreateNewIndexFile(org.apache. > > > > >> bookkeeper.bookie.BookieInitializationTest) > > > > >> Time elapsed: 12.871 sec <<< FAILURE! > > > > >> java.lang.AssertionError: Bookie should be up and running > > > > >> at > > > > >> org.apache.bookkeeper.bookie.BookieInitializationTest. > > > > >> testWithDiskFullAndAbilityToCreateNewIndexFile( > > > > >> BookieInitializationTest.java:602) > > > > >> > > > > >> > > > > >> 2) NOTICE reports very old copyright note (dates to 2015) -> we > > should > > > > >> check this on every file, not just this one, it is not a problem I > > > think > > > > >> > > > > >> 3) EnsemblePlacementPolicy changed signatures of methods -> > compile > > > time > > > > >> issue on downstream projects, I already knew, not a problem. I > will > > > not > > > > >> create any issue. > > > > >> > > > > >> 4) BookKeeper.Builder#build -> now throws BKException -> compile > > time > > > > issue > > > > >> on downstream projects, but it is not a showstopper. I wlil not > > create > > > > any > > > > >> issue. This was expected. > > > > >> > > > > >> 5) Dropped dependency on commons collections -> so this > disappeared > > > from > > > > >> downstream projects -> it is not a real problem, downstream > project > > > must > > > > >> explicitly declare their own dependencies, it is not a BK problem. > > > > >> > > > > >> 6) We have better "BKException#getMessage", this has some impact > on > > > test > > > > >> cases of downstream projects -> it is not a problem, I consider > > this a > > > > bug > > > > >> on downstream projects, testcases should be more robust as BK > > provides > > > > >> typed Exceptions > > > > >> > > > > >> Enrico > > > > >> > > > > >> > > > > >> 2017-12-05 6:19 GMT+01:00 Jia Zhai <zhai...@apache.org>: > > > > >> > > > > >> > Hi everyone, > > > > >> > > > > > >> > Please review and vote on the release candidate #0 for the > version > > > > >> > 4.6.0, as follows: > > > > >> > [ ] +1, Approve the release > > > > >> > [ ] -1, Do not approve the release (please provide specific > > > comments) > > > > >> > > > > > >> > The complete staging area is available for your review, which > > > > includes: > > > > >> > * Release notes [1] > > > > >> > * The official Apache source and binary distributions to be > > deployed > > > > >> > to dist.apache.org [2] > > > > >> > * All artifacts to be deployed to the Maven Central Repository > [3] > > > > >> > * Source code tag "release-4.6.0" [4] > > > > >> > > > > > >> > BookKeeper's KEYS file contains PGP keys we used to sign this > > > > >> > release:https://dist.apache.org/repos/dist/release/ > > bookkeeper/KEYS > > > > >> > > > > > >> > Please download these packages and review this release > candidate: > > > > >> > > > > > >> > - Review release notes > > > > >> > - Download the source package (verify md5, shasum, and asc) and > > > follow > > > > >> the > > > > >> > instructions to build and run the bookkeeper service. > > > > >> > - Download the binary package (verify md5, shasum, and asc) and > > > follow > > > > >> the > > > > >> > instructions to run the bookkeeper service. > > > > >> > - Review maven repo, release tag, licenses, and any other things > > you > > > > >> think > > > > >> > it is important to a release. > > > > >> > > > > > >> > The vote will be open for at least 72 hours. It is adopted by > > > majority > > > > >> > approval, with at least 3 PMC affirmative votes. > > > > >> > > > > > >> > Thanks, > > > > >> > Jia Zhai > > > > >> > > > > > >> > [1] *https://github.com/apache/bookkeeper/pull/759 > > > > >> > <https://github.com/apache/bookkeeper/pull/759>* > > > > >> > [2] *https://dist.apache.org/repos/dist/dev/bookkeeper/ > > > > >> > bookkeeper-4.6.0-rc0/ > > > > >> > <https://dist.apache.org/repos/dist/dev/bookkeeper/bookkeepe > > > > r-4.6.0-rc0/ > > > > >> >* > > > > >> > [3] https://repository.apache.org/content/repositories/ > > > > >> > orgapachebookkeeper-1021/ > > > > >> > [4] https://github.com/apache/bookkeeper/tree/release-4.6.0 > > > > >> > > > > > >> > > > > > > > > > > -- -- Enrico Olivelli
