Hi Justing, Thanks for the comments. I guess it will take some time for us to fully go through the list and resolve it. I have a few comments/questions inline if I may.
On Sat, Jan 20, 2018 at 5:49 AM, Justin Mclean <jus...@classsoftware.com> wrote: > Hi, > > It -1 (binding) as there may be GPL inclusions in the release and Category > B software in a source release, the source release LICENSE is missing > several things, and the binary LICENSE and NOTICE contains too much and the > source release contains compiled source, may also be some images that you > don’t have permission to use or distribute. Some of these may turn out to > be minor issues but they need to be clarified. > > Please ask your mentors to help on fixing up the LICENSE and/or read this > [1]. Some time ago I also made this which may help. [2][3] I suggest you > also run rat on the release to find some of these issues I found. > > I checked: > - incubating in name > - disclaimer exists > - LICENSE has a number of issues (see below) > - NOTICE is OK > - There’s a number of file that are missing ASF headers, including 700 odd > java files, and a large number number of xml, dtd, wdsl, xsd and files > containing code ending with .pass. > Regarding the Java files and .pass files: as NetBeans is (among other things) a Java IDE, it has tests that take a Java file (often very simple or peculiar). The expected output may be in a .pass file - in which case the .pass file may contain (possibly transformed) code. It is not the only system used for test, but it is used commonly. What is the proper way to handle such tests under ASF? My understanding is (was) that test files that would cause tests fail may have no license header: https://www.apache.org/legal/src-headers.html#faq-exceptions > - unexpected binary files in the source release [26][27][28][29] (these > contain compiled code) > > Several (not dual license) GPL license files exist in the source release. > Does this software include GPL or depend on any GPL licensed software? For > instance [4][19] > There are a few optional and/or compile-time GPL-type dependencies (+a dependency on JDK), but none of them is supposed to be in the release files. > > There a large number of icons in the release do know the ip provenance of > them and how they are licensed? > > There also seems to be a number of stock photos [30][31][32] in the > release. How are they licensed? Do you have permission to use or distribute > them? > > LICENSE is missing licenses for: > - CDDL licensed this [5] and about 100 others inside SFS-Editors-Folder.zip > - These CDDL/GPL licensed files [7][8][10] and a number of files like this > one is [9] > - this patch file seems to be removing a GPL/CDDL header [6] > - these EPL licensed files [11][12][13][14][15][16] > - these files under the sun public license [17][18] > - this MIT licensed file [20] (which also includes MIT licensed > normalize.css) > - this patch seems to be removing a MIT license header [21] > As I read the patch, it is removing whole files including their headers. But maybe I missed some occurrence? > - this IOS file [22] (and about a dozen other files) > - how is this file licensed? [23] > - this WC3 license file [24] and a dozen others > > However CDDL, EPL and the sun public license are in Category B [25] and > not allowed is source form in a release. > > I glanced at the binary LICENSE and NOTICE of the binary and I think > there's too much information in there. > - There is no need to repeat the Apache license text several times > - Only 3rd party software that is bundled in the source release needs to > be mention in LICENSE and NOTICE. Is everything mentioned really bundled? > (I assume this is about LICENSE and NOTICE for the convenience binaries.) Both these files are automatically generated for the given build. I double-checked the files referred to in LICENSE, and they seem to exist in the binary, so as far as I can tell, we really bundle this stuff. > - NOTICE seems to contain too much information > I believe this is based on the NOTICE files of the included dependencies. Is there something specific we should remove? Thanks, Jan > - For long licenses it best to use a pointer the the full text of the > license rather than include the full text > > Thanks, > Justin > > 1. http://www.apache.org/dev/licensing-howto.html > 2. https://vimeo.com/171210141 > 3. https://github.com/justinmclean/ApacheWombat > 4. nbbuild/licenses/LGPL-2.1 > 5. test/unit/src/org/netbeans/modules/editor/settings/ > storage/compatibility/p1/SFS-Editors-Folder.zip/Editors/ > AnnotationTypes/Breakpoint.xml > 6. css.lib/src/org/netbeans/modules/css/lib/antlrv4.patch > 7. j2ee.persistence/src/org/netbeans/modules/j2ee/ > persistence/dd/resources/orm_1_0.xsd > 8. j2ee.persistence/src/org/netbeans/modules/j2ee/ > persistence/dd/resources/persistence_1_0.xsd > 9. refactoring.java/test/qa-functional/data/goldenfiles/ > org/netbeans/modules/test/refactoring/MoveTest/testMoveClass.pass > 10. websvc.saas.api/src/org/netbeans/modules/websvc/saas/ > model/wadl20061109.xsd > 11. xml.jaxb/src/org/netbeans/modules/xml/jaxb/resources/ > eclipselink_oxm_2_3.xsd > 12. maven.coverage/src/org/netbeans/modules/maven/coverage/jacoco-1.0.dtd > 13. j2ee.persistence/src/org/netbeans/modules/j2ee/ > persistence/dd/resources/orm_2_0.xsd > 14. j2ee.persistence/src/org/netbeans/modules/j2ee/ > persistence/dd/resources/orm_2_1.xsd > 15. j2ee.persistence/src/org/netbeans/modules/j2ee/ > persistence/dd/resources/persistence_2_0.xsd > 16. j2ee.persistence/src/org/netbeans/modules/j2ee/ > persistence/dd/resources/persistence_2_1.xsd > 17. diff/test/unit/src/org/netbeans/modules/diff/builtin/ > provider/DiffTestFile1a.txt > 18. diff/test/unit/src/org/netbeans/modules/diff/builtin/ > provider/DiffTestFile1b.txt > 19 apisupport.installer/src/org/netbeans/modules/apisupport/ > installer/resources/licenses/GPL > 20. css.model/test/unit/data/testfiles/bootstrap.css > 21. html.validation/external/validator.patch > 22. html.editor/src/org/netbeans/modules/html/editor/resources/ > DTDs/4_0/HTMLlat1.ent > 23. welcome/src/org/netbeans/modules/welcome/resources/rss-0_91.dtd > 24. src/org/netbeans/modules/xml/catalog/resources/Transform.xsd > 25. https://www.apache.org/legal/resolved.html#category-b > 26. ./lib.terminalemulator/examples/lib.richexecution/ > process_start-linux-intel.zip > 27. ./lib.terminalemulator/examples/lib.richexecution/ > process_start-mac-intel.zip > 28. ./lib.terminalemulator/examples/lib.richexecution/ > process_start-solaris-intel.zip > 29. ./lib.terminalemulator/examples/lib.richexecution/ > process_start-solaris-sparc.zip > 30. ./netbeans/javafx2.samples/DisplayShelf/src/displayshelf/animalX.jpg > 31. ./netbeans/javafx2.samples/Fireworks/src/Fireworks/sf.jpg > 32. ./netbeans/javafx2.samples/PuzzlePieces/src/puzzlepieces/ > PuzzlePieces-picture.jpg > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
