Hi,

-1 (binding) binary in source release, LICENSE and NOTICE issues, ASF header added to files not under Apache 2.0 license, possible inclusion of GPL licensed software and possible Category X software included in release (BSD with ad clause).

This is not a simple release to check and I may have missed a few things due to the large amount of noise.

I checked:
- release contains incubating
- signatures and hashes good
- I’m not sure what the intent of COPYRIGHT is. I also don't think, as it has been suggested, that this should be merged with NOTICE; NOTICE doesn’t list all copyrights, just those that have been relocated from source files. [1]
- NOTICE incorrectly contains a long list of copyright statements. I would expect to see one or perhaps two here, i.e. the original authors who donated the software and whose copyright statements were removed from the original files.
- LICENSE is missing a large number of things (see below)
- Please use the short form of the license linking to license files in LICENSE
- Looks like there is an unexpected binary in the release [2]. May be others given rat reports 770+ binary files
- Impossible to say if files have correct ASF headers or not, given the large number of files with ASF headers (5000 odd files)
- Failed to compile from source but likely my setup

License is missing (in some cases note the different copyright owners):
- BSD licensed code [3]
- BSD license code [7]
- license for this file [9]
- license for this file [10] Are we OK this was taken from GNU C?
- MIT license PSI [11]
- BSD licensed code [12]
- BSD licensed code [13] Is this regarded as cryptography code? [14]
- BSD licensed code [15][16]
- license for this file [17]
- license of these files [18][19]
- license of this file [20]
- regex license [21]
- How are these files licensed? [22] + others copyright AEG Automation GmbH
- How is this file licensed? [23]
- BSD licensed libpq [24]. Is this considered crypto code and may need an export license?
- pgdump [25]
- license for this file [26]
- license for this file [27] Looks like an ASF header may have been incorrectly added to this.
- This BSD licensed file [36]
- license for these files [37][38] and others in [39]
- This BSD licensed file [40]
- This BSD licensed file [41]
- BSD licensed pychecker [42]
- licenses for all of these files [43]
- BSD license pg800 [44]
- how is this file licensed? [45]
- license for this file [47]
- Python license for this file [48]. Is this an Apache comparable license?
- How are these files licensed? [49] Note multiple copyright owners and missing headers.
- BSD licensed fig leaf. [50] Note that files incorrectly have had ASF headers applied.
- This BSD licensed file [51]
- This public domain style sheet [52]
- This file [53]
- License for unit test2 [54]
- MIT licensed lock file [55]
- JSON code here [56]
- License for this file [57]

And I may have missed some, as I wasn't doing a full review - that would likely take many many hours.

Looks like GPL/LGPL licensed code may be included [4][5][6] in the release.

This file [8] and others(?) may incorrectly have an ASF header on it. Also why does this file have an ASF header with copyright line? [46]

Code includes code licensed under the 4 clause BSD license which is not compatible with the Apache 2.0 license. [28][29][30][31][32][33] It may be that this clause has been rescinded [35] and it is OK to include but that needs to be checked.

I’d suggest that build instructions are included in the release rather than a link to them. If the instructions at the URL change in the future how do I know how to build this release?

Also someone owes me a beer!

Thanks,
Justin

1. http://www.apache.org/legal/src-headers.html#headers
2. depends/thirdparty/thrift/lib/erl/rebar
3. ./tools/bin/pythonSrc/unittest2-0.5.1/setup.py
4. ./depends/thirdparty/thrift/debian/copyright (end of file)
5. ./depends/thirdparty/thrift/doc/licenses/lgpl-2.1.txt
6. ./tools/bin/gppylib/operations/test/test_package.py
7. ./depends/thirdparty/thrift/compiler/cpp/src/md5.?
8. ./tools/sbin/hawqstandbywatch.py
9. ./src/backend/port/dynloader/ultrix4.h
10. ./src/port/inet_aton.c
11. ./tools/bin/pythonSrc/PSI-0.3b2_gp/
12. ./src/port/snprintf.c
13. ./src/port/crypt.c
14. http://www.apache.org/dev/crypto.html
15. ./src/port/memcmp.c
16. ./src/backend/utils/mb/wstrcmp.c
17. ./src/port/rand.c
18. ./src/backend/utils/adt/inet_net_ntop.c
19. ./src/backend/utils/adt/inet_net_pton.c
20. ./src/port/strlcpy.c
21. ./src/backend/regex/COPYRIGHT
22. ./src/backend/port/qnx4/shm.c
23. ./src/backend/port/beos/shm.c
24. ./src/backend/libpq/sha2.?
25. ./src/bin/pg_dump/
26. ./src/port/gettimeofday.c
27. ./depends/thirdparty/thrift/lib/cpp/src/thrift/windows/SocketPair.cpp
28. ./src/backend/port/dynloader/freebsd.c
29. ./src/backend/port/dynloader/netbsd.c
30. ./src/backend/port/dynloader/openbsd.c
31. ./src/bin/gpfdist/src/gpfdist/glob.c
32. ./src/bin/gpfdist/src/gpfdist/include/glob.h
33. ./src/include/port/win32_msvc/glob.h
34. ./src/port/glob.c
35. ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
36. ./src/bin/pg_controldata/pg_controldata.c
37. ./depends/thirdparty/thrift/aclocal/ax_cxx_compile_stdcxx_11.m4
38. ./depends/thirdparty/thrift/aclocal/ax_boost_base.m4
39. ./depends/thirdparty/thrift/aclocal
40. ./depends/thirdparty/thrift/build/cmake/FindGLIB.cmake
41. ./tools/bin/pythonSrc/unittest2-0.5.1/setup.py
42. ./tools/bin/pythonSrc/pychecker-0.8.18/
43. ./src/interfaces/libpq/po/*.po
44. ./tools/bin/ext/pg8000/*
45. ./src/backend/utils/mb/Unicode/UCS_to_GB18030.pl
46. ./contrib/hawq-hadoop/hawq-mapreduce-tool/src/test/resources/log4j.properties
47. ./tools/bin/pythonSrc/lockfile-0.9.1/lockfile/pidlockfile.py
48. ./tools/bin/pythonSrc/pychecker-0.8.18/pychecker2/symbols.py
49. ./src/backend/utils/mb/Unicode/*
50. ./tools/bin/ext/figleaf/*
51. ./depends/thirdparty/thrift/lib/py/compat/win32/stdint.h
52. ./tools/bin/pythonSrc/PyGreSQL-4.0/docs/default.css
53. ./src/test/locale/test-ctype.c
54. ./tools/bin/pythonSrc/unittest2-0.5.1/unittest2/
55. ./tools/bin/pythonSrc/lockfile-0.9.1/LICENSE
56. ./src/include/catalog/JSON
57. ./src/pl/plperl/ppport.h