On Thu, Nov 14, 2024 at 9:22 AM Alex Porcelli <a...@porcelli.me> wrote:
> John, > > As you might have realized, the issues with the LICENSE and NOTICE > files is that, based on my understanding from PJ feedback, they are a > bit scrambled and with additional information. We have a > DISCLAIMER-WIP that we also highlight we have a dependency with > Hibernate (LGPL). > > The current multiple NOTICES files are related to how the codebase is > structured - we have several repositories that host the codebase - so > each repository has its own set of legal files. > Understood. The original email linked about the problems made it look worse than it actually is when looking at the source tarball, namely there's one remaining JAR in the source that ultimately is where my -1 comes from. I think if you're rerolling the release to fix that JAR, you should also fix your LICENSE file. E.g. if you're listing that you have parts that are MIT, but those MIT licenses need to be in the LICENSE file. There are items from restricted [1] licenses listed, namely LGPL Hibernate and MPLv2 search-ui. I only did a spot check. If you're actually including this code in your source format, we can't release it, this is clear from our release guidelines for MPLv2. From the looks of it, you are in fact bundling MPLv2 at incubator-kie-drools/drools-docs/supplemental-ui/js/search-ui.js . If search-ui is really just in your docs then it may be an easy fix to simply exclude your docs from the source release for right now. I do think the Hibernate problem is a binary issue only, and likely doesn't impact the source tarball that much. Keep in mind that release votes aren't veto's [2]. If you get enough to clear the vote, then my -1 is simply recorded, unless you can fix it. - John [1]: https://apache.org/legal/resolved.html#weak-copyleft-licenses [2]: https://apache.org/foundation/voting.html#ReleaseVotes > > On Thu, Nov 14, 2024 at 5:40 AM John D. Ament <johndam...@apache.org> > wrote: > > > > With that clarification, the original thread and current bundles are a > bit > > confusing to follow. I had assumed that the main problem was that the > > NOTICE files called out dependencies that were not Apache V2 licensed yet > > those third party licenses were not listed in the LICENSE file. If the > > NOTICE is calling out dependencies that aren't even packaged, it's a > > different problem as the NOTICE is just being overstated and that's > > probably fine for an initial release. Even if a license is compatible > with > > our release process, it needs to be included in the LICENSE file. It is > > also confusing that you have multiple NOTICEs in your source release, > > typically we want just one. > > > > John > > > > On Thu, Nov 14, 2024 at 4:10 AM PJ Fanning <fannin...@apache.org> wrote: > > > > > The only jar that I could find in the source release is: > > > > > > > > > > incubator-kie-tools/packages/stunner-editors/errai-ui/src/test/resources/less.jar > > > > > > It would be ideal if this could be removed. > > > > > > apache-kie-10.0.0-incubating-sources.zip from > > > https://dist.apache.org/repos/dist/dev/incubator/kie/10.0.0-rc3/ > > > > > > I think it would also be useful if the KIE team could provide a 'How > > > to Build KIE from its source release' guide for IPMC reviewers. > > > > > > On Thu, 14 Nov 2024 at 03:21, John D. Ament <johndam...@apache.org> > wrote: > > > > > > > > On Wed, Nov 13, 2024 at 1:16 PM Alex Porcelli <porce...@apache.org> > > > wrote: > > > > > > > > > Hello everyone, > > > > > > > > > > This email serves as a call for votes to release Apache KIE > > > > > (Incubating) v10.0.0-rc3. In this release candidate we have made > > > > > efforts to incorporate feedback from the previous voting thread > [1]. > > > > > > > > > > The Apache KIE community has reviewed and approved the release of > > > > > Apache KIE (Incubating) v10.0.0-rc3. We now kindly request IPMC > > > > > members to review and cast their votes on this release. > > > > > > > > > > Important Note: We have identified an issue with the NOTICE and > > > > > LICENSE files [2], but we hope this will not pose a blocker for the > > > > > release. > > > > > > > > > > > > > Based on the description, I think they are. In addition, you need to > > > > resolve the binaries in your source release. Typically if they are > test > > > > artifacts, the source contents of them are available within the > source > > > tree > > > > with a command to run to build the test artifacts, or a download > location > > > > on where to pull them from would work as well. There is no one right > > > > answer that can be given. > > > > > > > > Also, I think you need to look at what a release is here at Apache. > > > While > > > > it's fine to have convenience binaries, a source release consists of > the > > > > source code that makes those binaries. What we would typically vote > on > > > is > > > > a source tarball that can be reviewed. The staged maven artifacts > are a > > > > combination of source JARs, binary JARs and other files. How do I > > > compile > > > > the source jars to make the binary JARs? [1] may be of interest if > you > > > > have not yet reviewed. > > > > > > > > So it's a -1 from me, johndament IPMC. > > > > > > > > John > > > > > > > > [1]: https://apache.org/dev/#releases > > > > > > > > > > > > > > > > > > Apache KIE(incubating) - The home of the most popular business > > > > > automation open-source technologies including Drools, jBPM, > > > > > SonataFlow, Optaplanner, Kogito and Tools. > > > > > > > > > > KIE community vote thread: > > > > > https://lists.apache.org/thread/nxx66ccognnk8fozt4nk11z7g57c7fnb > > > > > > > > > > Vote result thread: > > > > > https://lists.apache.org/thread/1hhkchlwt69fn9cd3lgok55mw61kn862 > > > > > > > > > > The release candidate: > > > > > https://dist.apache.org/repos/dist/dev/incubator/kie/10.0.0-rc3/ > > > > > > > > > > The maven staging repos for this release: > > > > > - Drools: > > > > > > https://repository.apache.org/content/repositories/orgapachekie-1055 > > > > > - Optaplanner: > > > > > > https://repository.apache.org/content/repositories/orgapachekie-1056 > > > > > - Kogito Runtimes: > > > > > > https://repository.apache.org/content/repositories/orgapachekie-1057 > > > > > - Kogito Apps: > > > > > > https://repository.apache.org/content/repositories/orgapachekie-1058 > > > > > - Kogito Apps - JITExecutor Native Linux: > > > > > > https://repository.apache.org/content/repositories/orgapachekie-1059 > > > > > - Kogito Apps - JITExecutor Native Windows: > > > > > > https://repository.apache.org/content/repositories/orgapachekie-1060 > > > > > - Kogito Apps - JITExecutor Native MacOS: > > > > > > https://repository.apache.org/content/repositories/orgapachekie-1061 > > > > > - KIE Tools - JBPM Quarkus DevUI: > > > > > > https://repository.apache.org/content/repositories/orgapachekie-1064 > > > > > - KIE Tools - Sonataflow Quarkus DevUI: > > > > > > https://repository.apache.org/content/repositories/orgapachekie-1065 > > > > > > > > > > The artifacts are signed with PGP key corresponding to > > > > > [priv...@kie.apache.org], found in the KEYS file: > > > > > > > > > > https://downloads.apache.org/incubator/kie/KEYS > > > > > > > > > > The vote will be open for at least 72 hours until the necessary > number > > > > > of votes are reached. > > > > > > > > > > Please vote accordingly: > > > > > [ ] +1 approve > > > > > [ ] +0 no opinion > > > > > [ ] -1 disapprove with the reason > > > > > > > > > > To learn more about KIE, please see https://kie.apache.org/ > > > > > > > > > > Checklist for reference: > > > > > > > > > > [ ] Download KIE artifacts are valid. > > > > > [ ] Checksums and PGP signatures are valid. > > > > > [ ] Source code distributions have correct names matching the > current > > > > > release. > > > > > [ ] LICENSE and NOTICE files are correct. > > > > > [ ] All files have license headers if necessary. > > > > > [ ] No compiled archives bundled in source archive. > > > > > [ ] Can compile from source. > > > > > > > > > > For updated information on how to verify the release, please refer > to: > > > > > https://kie.apache.org/docs/community/verify > > > > > > > > > > For updated information on how to build from source zip, please > refer > > > to: > > > > > https://kie.apache.org/docs/community/build > > > > > > > > > > [1] - > https://lists.apache.org/thread/oz1xfz48jwlw05sdy0wvtnrhn27jc72h > > > > > [2] - > https://lists.apache.org/thread/y9x068xwoqwrtzyrwhv06loxtt8v06fn > > > > > > > > > > Best, > > > > > Alex > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > > > For additional commands, e-mail: general-h...@incubator.apache.org > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
