On Thu, Jun 21, 2018 at 10:10 PM Justin Mclean <jus...@classsoftware.com> wrote:
> Now I'm not on your PMC, don’t know your projects history and there may be > valid reasons for the current LICENSE and NOTICE contents so take this as > some friendly advice, you can choose to ignore it or not act on it. Looking > at your latest source release (2.3.1), I can see there seems too much > information in LICENSE and especially NOTICE for a source release. It may > be that the LICENE and NOTICE is intended for the binary release? [1] But > even if that is teh case it also seems to be missing a couple of licenses > for bundled software. > Yes, there's just one set, and it's really for the binary distribution. I don't think this is technically aligning with policy to use as the LICENSE and NOTICE for the source distro, even if it's not wrong from a license standpoint (i.e. it's not great to say source distro includes foo when it doesn't but not illegal). Let me take that point to your PR to see if there's a simple way to get that one right at last. > > But in general my alarm bells start ringing because: > - Category B licenses are listed (which shouldn't be in a source release) > I think this is an artifact of the above. I'm not aware of Cat B source in Spark but it's possible it slipped in. Point out where you see it if so. > - License information is listed in NOTICE when it should be in LICENSE > While I think I got this right a long time ago, a) things can change, and b) might have missed something. What in particular? (can reply on the PR) > - Dependancies are listed rather than what is actually bundled > Same as above I think; this is needed for the binary release. > > > * Are currently missing from license > All possibly missed, or added by those who didn't understand the licensing implication. I'll look at the PR. > > I also noticed some compiled code in the source release which probably > shouldn’t be there. [2] > spark-2.3.1/core/src/test/resources/TestUDTF.jar > spark-2.3.1/sql/hive/src/test/resources/SPARK-21101-1.0.jar > spark-2.3.1/sql/hive/src/test/resources/TestUDTF.jar > spark-2.3.1/sql/hive/src/test/resources/hive-contrib-0.13.1.jar > > spark-2.3.1/sql/hive/src/test/resources/hive-hcatalog-core-0.13.1.jar > spark-2.3.1/sql/hive/src/test/resources/data/files/TestSerDe.jar > > spark-2.3.1/sql/hive/src/test/resources/regression-test-SPARK-8489/test-2.10.jar > > spark-2.3.1/sql/hive/src/test/resources/regression-test-SPARK-8489/test-2.11.jar > spark-2.3.1/sql/hive-thriftserver/src/test/resources/TestUDTF.jar > These should be in the source release. They're not project code per se but files that test JAR handling.
