Re: [VOTE] Release Apache Mynewt 1.0.0-b1-incubating-rc1

Mon, 28 Nov 2016 20:34:08 -0800 

Thanks Justin.
I’ll let Chris chime in on the rest of the notices (or just fix them), but I wanted to specifically clarify [5] referenced below. This license is not considered Category X either — do you know what the status of 4-clause BSD is? 


Its low risk to remove that file, and we can eventually replace it.  I 
just wanted to clarify license status.


Sterling

On 28 Nov 2016, at 19:13, Justin Mclean wrote:


Hi,


-1 binding due to LICENSE issues (see below) and cryptography issues 
(tinycrypt and polarssl) and there’s a license incompatible with 
Apache license 2.0 in the release. [5] (4 clause BSD)



It looks like tinycrypt and polarssl has been added  since last 
release but not listed here(?) [2]


I checked:
- artefacts include incubating
- signatures and hashes good
- NOTICE is good
- LICENSE is missing quite a few items (see below)
- DISCLAIMER exists
- All source files have headers
- No unexpected binary files in release


The LICENSE files for core and newt are identical to last release but 
several 3rd party items have been added


For core:
- BSD licensed  tiny crypt  copyright (c) 2015, Intel Corporation [3]
- BSD license PPP copyright (c) 1994-2002 Paul Mackerras [4]+
- BSD license CHAP/MD5 copyright (c) 1994-2002 Paul Mackerras [4]+
- BSD license CHAP copyright (c) 1995 Eric Rosenquist. [4]
- PD license EAP for PP  2001 by Sun Microsystems, Inc. [4]
- BSD license PPP Encryption copyright (c) 2002 Google, Inc.[4]
- BSD license EUI64 copyright (c) 1999 Tommi Komulainen[4]+

- BSD license assorted files copyright (c) 1984-2000 Carnegie Mellon 
University. [4]+
- MIT licensed PPP copyright (c) 2003 by Marc Boucher and Copyright 
(c) 1997 Global Election Systems Inc. [4]+

- BSD licensed files copyright 2016 STMicroelectronics [6]

- BSD licensed code based on XySSL copyright (C) 2006-2008  Christophe 
Devine [7]

- BSD licensed polarssl  copyright (C) 2009  Paul Bakker [7]

- BSD license SNMP copyright (c) 2001, 2002 Leon Woestenberg and 
copyright (c) 2001, 2002 Axon Digital Design B.V. [8] (and other 
files)
- BSD licensed lwIP TCP/IP stack copyright (c) 2001, 2002 Swedish 
Institute of Computer Science. [9]

- BSD licensed IGMP copyright (c) 2002 CITEL Technologies Ltd. [10]
- BSD license AutoIP copyright (c) 2007 Dominik Spies [11]

- BSD license files copyright (c) 2013 - 2015, Freescale 
Semiconductor, Inc. [12]
- BSD licensed coap copyright 2016 Intel Corporation and 2013, 
Institute for Pervasive Computing, ETH Zurich [13]
- and about a dozen others (including ARM and Nordic Semiconductor) as 
I gave up at this point



Note the lines marked + have an additional clause (required notice) 
that effects the NOTICE file (I think).


For newt:
- PD licensed code copyright (c) 2012 Miki Tebeka [14]
- 20 or so MIT(?) licensed files [15] copyright Ugorji Nwoke [15]
- MIT licensed go coap copyright (c) 2013 Dustin Sallings [16]
- BSD licensed gatt  copyright (c) 2014 PayPal Inc [17]
- MIT licensed xpc [18]
- MIT licensed gioctl copyright (c) 2014 Mark Wolfe [19]


This file [5] is licensed under a 4 clause BSD license which is not on 
the list of approved licenses.



Also looks like you download page need updating to provide links to 
download the voted on artefacts for the last release. [1]


Thanks,
Justin

1. https://mynewt.apache.org/download/
2. https://www.apache.org/licenses/exports/
3. ./apache-mynewt-core-1.0.0-b1-incubating/crypto/tinycrypt/*

4. 
./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/src/netif/ppp/*
5. 
./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/src/netif/ppp/pppoe.c
6. 
./apache-mynewt-core-1.0.0-b1-incubating/hw/mcu/stm/stm32f4xx/src/ext/Drivers/CMSIS/Device/ST/STM32F4xx/*
7. 
./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/src/netif/ppp/polarssl/*
8. 
./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/include/lwip/apps/snmp.h

9. ./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/

10. 
./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/src/core/ipv4/igmp.c
11. 
./apache-mynewt-core-1.0.0-b1-incubating/net/ip/lwip_base/src/core/ipv4/autoip.c
12. 
./apache-mynewt-core-1.0.0-b1-incubating/hw/mcu/nxp/src/ext/sdk-2.0-frdm-k64f_b160321/devices/MK64F12/*
13. 
./apache-mynewt-core-1.0.0-b1-incubating/net/oic/src/messaging/coap/*
14. 
./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/Sirupsen/logrus/alt_exit.go
15  
./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/ugorji/go/codec/*.go
16 
./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/dustin/go-coap/LICENSE
17 
./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/runtimeinc/gatt/*
18 
./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/runtimeinc/gatt/xpc/*
19. 
./apache-mynewt-newt-1.0.0-b1-incubating/newtmgr/vendor/github.com/runtimeinc/gatt/linux/gioctl/*



---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org























					Reply via email to