> * as an example, with 'CDDL-1.0 and GPL-2.0' [4], you should state > that you choose CDDL-1.0 because GPL-2.0 is not allowed
This is an interesting point. I suppose those NOTICE / LICENSE of binary are generated by some maven plugins, or at least there are a few of ASF projects doing so. Then it conveys the license info as is, while select those dual licenses one by one can be hard without plugin's help. So we'd either: (1) customized those plugins/automations to allow a mapping of license chooser (2) convey the license as is since the receiver can actually use those code/artifacts under a Category A/B license. We may consider if (2) is acceptable and it would reduce lots of work. Best, tison. PJ Fanning <fannin...@apache.org> 于2024年7月6日周六 12:13写道: > There are a number of other MIT licensed files in your > console/src/main/resources/static folder and subfolders. CSS and > Javascript files. > > All need to be mentioned in your LICENSE file. > > On Sat, 6 Jul 2024 at 20:00, PJ Fanning <fannin...@apache.org> wrote: > > > > -1 (binding) from me > > > > * You have MIT Licensed code but no mention of it in your LICENSE [1]. > > One example [2] but there is another g4 file with the same header. > > * The LICENSE mentions BSD LIcense for Antlr and maybe this relates to > > these MIT Licensed files but this isn't clear > > * there is another MIT licensed source file with no mention in your > LICENSE [3] > > * seata-server/templates/_helpers.tpl [5] is a copy of a file in > > github.com/open-hand/hzero-starter-parent/ - this should be mentioned > > in your LICENSE unless the file in > > github.com/open-hand/hzero-starter-parent/ is a copy of your file > > * The LICENSE in your binary file could really be made easier to use > > by explicitly including the names of the licenses instead of including > > links to the license files many of which are not browser friendly. The > > Abego one has an expired HTTPS cert. > > * The LICENSE in your binary file should state which license you want > > to use when the dependency has more than 1 license > > * as an example, with 'CDDL-1.0 and GPL-2.0' [4], you should state > > that you choose CDDL-1.0 because GPL-2.0 is not allowed > > * more of a nit but I think you should use tar.gz for both the src and > > bin artifacts - it seems odd to use zip for src and tar.gz for bin > > > > > > > > [1] https://github.com/apache/incubator-seata/blob/2.x/LICENSE > > [2] > https://github.com/apache/incubator-seata/blob/238cf3ab8e0c6f781e52f8efec19d54bab40cef0/sqlparser/seata-sqlparser-antlr/src/main/java/org/apache/seata/sqlparser/antlr/mysql/antlr/MySqlLexer.g4 > > [3] > https://github.com/apache/incubator-seata/blob/238cf3ab8e0c6f781e52f8efec19d54bab40cef0/console/src/main/resources/static/saga-statemachine-designer/bundle.js.LICENSE.txt > > [4] > https://github.com/apache/incubator-seata/blob/238cf3ab8e0c6f781e52f8efec19d54bab40cef0/distribution/LICENSE#L610 > > [5] > https://github.com/open-hand/hzero-starter-parent/blob/af7589bc0041f687b143e77f2171b1fd79ba0a9d/hzero-starter-seata/src/main/resources/script/server/helm/seata-server/templates/_helpers.tpl > > > > On Sat, 6 Jul 2024 at 19:17, PJ Fanning <fannin...@apache.org> wrote: > > > > > > I think it would be better to put RC4 in the directory name of the > release dir. > > > > > > > https://dist.apache.org/repos/dist/dev/incubator/seata/incubator-seata/2.1.0/ > > > should be > > > > https://dist.apache.org/repos/dist/dev/incubator/seata/incubator-seata/2.1.0-RC4/ > > > or even > > > https://dist.apache.org/repos/dist/dev/incubator/seata/2.1.0-RC4/ > > > > > > Don't put the RC4 in the name of the tar.gz files or the directory > > > names inside the tar.gz. > > > > > > Again, not a reason to restart the release process - but a suggestion > > > for the next RC whenever that is. > > > > > > On Fri, 5 Jul 2024 at 18:14, tison <wander4...@gmail.com> wrote: > > > > > > > > BTW, the unpacked folders name: > > > > > > > > apache-seata-2.1.0-incubating-src.zip -> incubator-seata-2.1.0 > > > > apache-seata-2.1.0-incubating-bin.tar.gz -> apache-seata > > > > > > > > looks unaligned. I suppose you try to name them: > > > > > > > > apache-seata-2.1.0-incubating-src.zip -> > apache-seata-2.1.0-incubating-src > > > > apache-seata-2.1.0-incubating-bin.tar.gz -> > > > > apache-seata-2.1.0-incubating-bin > > > > > > > > while this is a suggestion rather than some guidelines or policies. > > > > > > > > Best, > > > > tison. > > > > > > > > > > > > tison <wander4...@gmail.com> 于2024年7月5日周五 10:11写道: > > > > > > > > > +1 (binding) > > > > > > > > > > I checked: > > > > > > > > > > * Download links work > > > > > * Signature and checksum matches > > > > > > > > > > gpg: Signature made 六 6/15 06:08:36 2024 PDT > > > > > gpg: using RSA key > B51F1A5056BC5D6FBF2D82871E90338E9FA7635C > > > > > gpg: Good signature from "jimin (CODE SIGN) <ji...@apache.org>" > [unknown] > > > > > gpg: WARNING: This key is not certified with a trusted signature! > > > > > gpg: There is no indication that the signature belongs to > the > > > > > owner. > > > > > Primary key fingerprint: B51F 1A50 56BC 5D6F BF2D 8287 1E90 338E > 9FA7 635C > > > > > > > > > > * LICENSE / NOTICE / DISCLAIMER exist > > > > > * Files have ASF license header > > > > > > > > > > I cannot build from source on osx_aarch64 due to: > > > > > > > > > > [ERROR] Failed to execute goal > > > > > org.xolstice.maven.plugins:protobuf-maven-plugin:0.6.1:compile > (default) on > > > > > project seata-serializer-protobuf: Unable to resolve artifact: > Missing: > > > > > [ERROR] ---------- > > > > > [ERROR] 1) com.google.protobuf:protoc:exe:osx-aarch_64:3.11.0 > > > > > [ERROR] > > > > > [ERROR] Try downloading the file manually from the project > website. > > > > > [ERROR] > > > > > [ERROR] Then, install it using the command: > > > > > [ERROR] mvn install:install-file > -DgroupId=com.google.protobuf > > > > > -DartifactId=protoc -Dversion=3.11.0 -Dclassifier=osx-aarch_64 > > > > > -Dpackaging=exe -Dfile=/path/to/file > > > > > [ERROR] > > > > > [ERROR] Alternatively, if you host your own repository you can > deploy > > > > > the file there: > > > > > [ERROR] mvn deploy:deploy-file -DgroupId=com.google.protobuf > > > > > -DartifactId=protoc -Dversion=3.11.0 -Dclassifier=osx-aarch_64 > > > > > -Dpackaging=exe -Dfile=/path/to/file -Durl=[url] > -DrepositoryId=[id] > > > > > [ERROR] > > > > > [ERROR] Path to dependency: > > > > > [ERROR] 1) org.apache.seata:seata-serializer-protobuf:jar:2.1.0 > > > > > [ERROR] 2) com.google.protobuf:protoc:exe:osx-aarch_64:3.11.0 > > > > > [ERROR] > > > > > [ERROR] ---------- > > > > > [ERROR] 1 required artifact is missing. > > > > > [ERROR] > > > > > [ERROR] for artifact: > > > > > [ERROR] org.apache.seata:seata-serializer-protobuf:jar:2.1.0 > > > > > [ERROR] > > > > > [ERROR] from the specified remote repositories: > > > > > [ERROR] apache.snapshots ( > https://repository.apache.org/snapshots, > > > > > releases=false, snapshots=true), > > > > > [ERROR] central (https://repo.maven.apache.org/maven2, > releases=true, > > > > > snapshots=false) > > > > > > > > > > But I think it's fair enough to upgrade the related dependencies > in a > > > > > following commit. > > > > > > > > > > The link to KEYS file should be updated as stated above, but it's > not a > > > > > release blocker anyway. > > > > > > > > > > Best, > > > > > tison. > > > > > > > > > > Best, > > > > > tison. > > > > > > > > > > > > > > > tison <wander4...@gmail.com> 于2024年7月5日周五 10:09写道: > > > > > > > > > >> You should use https://downloads.apache.org/incubator/seata/KEYS > > > > >> instead of dist dev. > > > > >> > > > > >> You can upload the KEYS file to > > > > >> https://dist.apache.org/repos/dist/release/incubator/seata/KEYS > and > > > > >> the downloads link would work. > > > > >> > > > > >> Best, > > > > >> tison. > > > > >> > > > > >> Min Ji <ji...@apache.org> 于2024年7月5日周五 10:03写道: > > > > >> > > > > > >> > Hello, > > > > >> > > > > > >> > This is a call for vote on releasing Apache Seata(incubating) > > > > >> v2.1.0-RC4. > > > > >> > > > > > >> > The vote thread: > > > > >> > > https://lists.apache.org/thread/s0gxv49802kk8y3dnxr8ytxy6ghkkjr6 > > > > >> > > > > > >> > Vote Result: > > > > >> > > https://lists.apache.org/thread/km5dzmhw2j7ow86pk3g81f1z50sojomz > > > > >> > > > > > >> > The release candidates: > > > > >> > > > > > >> > https://dist.apache.org/repos/dist/dev/incubator/seata/incubator-seata/2.1.0/ > > > > >> > > > > > >> > The staging repo: > > > > >> > > https://repository.apache.org/content/repositories/orgapacheseata-1030/ > > > > >> > > > > > >> > Git tag for the release: > > > > >> > https://github.com/apache/incubator-seata/releases/tag/v2.1.0 > > > > >> > > > > > >> > Git commit id for the release: > > > > >> > > > > > >> > https://github.com/apache/incubator-seata/commit/38e9cea8bd611eca1e837e766b41a1334473c5f4 > > > > >> > > > > > >> > Release Notes: > > > > >> > https://github.com/apache/incubator-seata/releases/tag/v2.1.0 > > > > >> > > > > > >> > The artifacts have been signed with Key : > > > > >> > B51F1A5056BC5D6FBF2D82871E90338E9FA7635C, which can be found in > the > > > > >> > keys file: > > > > >> > https://dist.apache.org/repos/dist/dev/incubator/seata/KEYS > > > > >> > > > > > >> > Build Environment: JDK 8+, Apache Maven 3.6.0+. > > > > >> > Build Command: ./mvnw clean package -DskipTests=true, If you are > > > > >> > building on an ARM64 architecture, please add the profile > -Parrch64. > > > > >> > > > > > >> > CI Test Workflow: > > > > >> > > > > > >> > https://github.com/apache/incubator-seata/actions/runs/9527005533/job/26263693001 > > > > >> > > > > > >> > The vote will be open for at least 72 hours or until necessary > number > > > > >> > of votes are reached. > > > > >> > > > > > >> > Please vote accordingly: > > > > >> > > > > > >> > [ ] +1 approve > > > > >> > [ ] +0 no opinion > > > > >> > [ ] -1 disapprove with the reason > > > > >> > > > > > >> > Checklist for reference: > > > > >> > [ ] Download links are valid. > > > > >> > [ ] Checksums and PGP signatures are valid. > > > > >> > [ ] Source code distributions have correct names matching the > current > > > > >> > release. > > > > >> > [ ] LICENSE and NOTICE files are correct for each Answer repo. > > > > >> > [ ] All files have license headers if necessary. > > > > >> > [ ] No unlicensed compiled archives bundled in source archive. > > > > >> > > > > > >> > > > > > >> > > > > > >> > Warm regards, > > > > >> > > > > > >> > Ji Min > > > > >> > > > > > >> > > --------------------------------------------------------------------- > > > > >> > To unsubscribe, e-mail: > general-unsubscr...@incubator.apache.org > > > > >> > For additional commands, e-mail: > general-h...@incubator.apache.org > > > > >> > > > > > >> > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
