Looks like we have CI to run it when pushing commits to the branch. Here is the branch-4.14 CI status: https://github.com/apache/bookkeeper/runs/3356954459, the license check is passed on it.
But when I build the bookkeeper and run the `dev/check-all-licesnses` on my laptop, it failed. I tried it with master branch and branch-4.14, they all failing. There is the error: ``` ++ dirname dev/check-all-licenses + HERE=dev + BOOKKEEPER_DIST=dev/../bookkeeper-dist + dev/check-binary-license dev/../bookkeeper-dist/server/target/bookkeeper-server-4.14.2-SNAPSHOT-bin.tar.gz io.netty-netty-transport-native-epoll-4.1.63.Final.jar unaccounted for in LICENSE It looks like there are issues with the LICENSE/NOTICE in dev/../bookkeeper-dist/server/target/bookkeeper-server-4.14.2-SNAPSHOT-bin.tar.gz. See http://bookkeeper.apache.org/community/licensing for details on how to fix. ``` Have you seen this before? Yong On Wed, 18 Aug 2021 at 18:25, Enrico Olivelli <eolive...@gmail.com> wrote: > Il giorno mer 18 ago 2021 alle ore 11:08 Yong Zhang < > zhangyong1025...@gmail.com> ha scritto: > > > Do you mean the apache-rat check? I just ran it and looks good. > > > > see here > > https://github.com/apache/bookkeeper/blob/master/.github/workflows/pr-validation.yml#L54 > > dev/check-all-licenses > > usually we run it against every PR but it is not running for cherry-picks > > I suggest you to run that tool before preparing the new RC, this way we > will save some -1 because of license file issues. > Probably there is not problem actually, but I wanted to let you know about > this topic > > > Enrico > > > > > On Wed, 18 Aug 2021 at 14:48, Enrico Olivelli <eolive...@gmail.com> > wrote: > > > > > Yong, > > > did you run the license check after cherry picking? > > > > > > Enrico > > > > > > Il giorno mer 18 ago 2021 alle ore 02:57 Yong Zhang < > > > zhangyong1025...@gmail.com> ha scritto: > > > > > > > I have cherry-picked them[1] into the branch-4.14. Will roll out a > new > > > RC. > > > > > > > > [1] > > > > > > > > > > > > > > https://github.com/apache/bookkeeper/pulls?q=is%3Apr+label%3Arelease%2F4.14.2+is%3Aclosed > > > > > > > > Yong > > > > > > > > On Wed, 18 Aug 2021 at 08:44, Yong Zhang <zhangyong1025...@gmail.com > > > > > > wrote: > > > > > > > > > I saw there has some other security PRs, should we include that in > > this > > > > > release? > > > > > > > > > > > > > > > > > > > > > > > > > https://github.com/apache/bookkeeper/pulls?q=is%3Apr+SECURITY+is%3Aclosed+milestone%3A4.15.0 > > > > > > > > > > Yong > > > > > > > > > > On Wed, 18 Aug 2021 at 00:01, Enrico Olivelli <eolive...@gmail.com > > > > > > wrote: > > > > > > > > > >> good point Flavio > > > > >> the PR that fixed that problem has been merged only on master > branch > > > > >> (4.15.0) > > > > >> https://github.com/apache/bookkeeper/pull/2693 > > > > >> > > > > >> it is a good motivation to roll out a new RC IMHO, > > > > >> the PR is already merged to another branch, it is only a matter of > > > > cherry > > > > >> picking > > > > >> > > > > >> Enrico > > > > >> > > > > >> Il giorno mar 17 ago 2021 alle ore 17:53 Flavio Junqueira < > > > > f...@apache.org > > > > >> > > > > > >> ha scritto: > > > > >> > > > > >> > It sounds like there are more vulnerabilities that can be > > addressed > > > > with > > > > >> > upgrades: > > > > >> > > > > > >> > https://github.com/apache/bookkeeper/issues/2511 < > > > > >> > https://github.com/apache/bookkeeper/issues/2511> > > > > >> > > > > > >> > Do we want to proceed with 4.14.2 and consider a 4.14.3 that > > > addresses > > > > >> > other vulnerabilities or try to address as many as we are aware > > of? > > > > I'm > > > > >> > asking because I'm already seeing an RC out. > > > > >> > > > > > >> > Thanks, > > > > >> > -Flavio > > > > >> > > > > > >> > > On 17 Aug 2021, at 07:59, Sijie Guo <guosi...@gmail.com> > wrote: > > > > >> > > > > > > >> > > +1 > > > > >> > > > > > > >> > > On Thu, Aug 12, 2021 at 11:59 PM Yong Zhang <y...@apache.org> > > > > wrote: > > > > >> > >> > > > > >> > >> Hi, > > > > >> > >> > > > > >> > >> We have changed the BouncyCastle at this PR > > > > >> > >> https://github.com/apache/bookkeeper/pull/2631, > > > > >> > >> which introduces an Incompatible issue. Detail: > > > > >> > >> https://github.com/apache/pulsar/issues/10937. > > > > >> > >> > > > > >> > >> This also blocks the user upgrade their charts to pulsar > 2.8.0 > > > > >> > >> https://github.com/apache/pulsar-helm-chart/pull/130 > > > > >> > >> > > > > >> > >> We have fixed it by > > > https://github.com/apache/bookkeeper/pull/2740 > > > > , > > > > >> > >> so I want to start a new release of bookkeeper for unblocking > > the > > > > >> users. > > > > >> > >> > > > > >> > >> If there are no objections, I'll move forward with the patch > > > > release. > > > > >> > >> > > > > >> > >> Thanks, > > > > >> > >> Yong > > > > >> > > > > > >> > > > > > >> > > > > > > > > > > > > > > >
