Thanks for the careful attention, Justin. Regarding the sample data for the StixExtractorTest.java, that came from here <https://github.com/STIXProject/stixproject.github.io/blob/master/getting-started/sample-walkthrough/IP_Watchlist-1.2.xml> and I considered it to be 3-clause BSD licensed due to the underlying project license here <https://github.com/STIXProject/stixproject.github.io/blob/master/LICENSE>. If you think it's clearer, we can pull it into its own file and mention it in the LICENSE for next release (JIRA here <https://issues.apache.org/jira/browse/METRON-297>).
Regarding the effective_tld_names.dat, we had this discussion last release and believe that they are reference data and should be considered acceptable. We did note them in the LICENSE here <https://github.com/apache/incubator-metron/blob/master/LICENSE#L205>. The rationale around why we think they should be acceptable as per category B is as follows: - It's reference data, so not source code, so I feel that the category B wording was trying to make the distinction between source code and non-src code (i.e. "binary/object" in their language) - It's not source code, so paragraph 3 shouldn't apply, but even so, it has not changed since the last release - It's currently only supported for a legacy enrichment adapter, but will be removed next release as we found a better way of doing things. Thoughts? Best, Casey On Fri, Jul 8, 2016 at 10:45 PM, Justin Mclean <jus...@classsoftware.com> wrote: > Hi, > > -1 (binding) until MPL licensed source issue resolved. > > I checked: > - name contains incubating > - signatures and hashes good > - DISCLAIMER exists > - LICENSE is OK, but look to be missing one permissive license? and > assuming its ok it would be best if the MPL was in another file. > - NOTICE is OK (but perhaps requires a notice from MPL?) > - All ASF source file have apache header > - No unexpected binary files > - Can compile from source > > For the license I think this file [1] may incorrectly have an apache > header. I’m also unsure of it’s license, but it’s likely to be permissive > [2] and needs to be mentioned in LICENSE. Can you fix this in the next > release please. > > There is a more serious issue in that the source includes MPL licensed > files.[4][5][6] This is a category B license [3] and as such files under > these terms can only included in binary form, but they plain text. They are > not small (10,000 lines) and given they contain list of domain name it > seems likely they they would change so I don’t think the last paragraph in > [3] applies either. It would also be a good idea to list where they come > from. > > Thanks, > Justin > > 1. > ./metron-platform/metron-data-management/src/test/java/org/apache/metron/dataloads/extractor/stix/StixExtractorTest.java > 2. http://stixproject.github.io/legal/ > 3. http://www.apache.org/legal/resolved.html#category-b > 4. > ./metron-platform/metron-common/src/test/resources/effective_tld_names.dat > 5. > ./metron-platform/metron-enrichment/src/main/resources/effective_tld_names.dat > 6. > ./metron-platform/metron-parsers/src/test/resources/effective_tld_names.dat > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
