[Mentor request] Validate the verification of distribution rights

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[Mentor request] Validate the verification of distribution rights

Joe Witt
Mentors,

I believe based on completing analysis of the all of our dependencies and
their related licenses that we should now be considered complete for the
following two incubation items categorized as 'Verify Distribution Rights':

***
1). Check and make sure that for all code included with the distribution
that is not under the Apache license, we have the right to combine with
Apache-licensed code and redistribute.
2). Check and make sure that all source code distributed by the project is
covered by one or more of the following approved licenses: Apache, BSD,
Artistic, MIT/X, MIT/W3C, MPL 1.1, or something with essentially the same
terms.
***

I believe the analysis of all of our dependencies and research into all of
their applicable copyrights, licenses, etc.  that we have covered these
requirements.  The analysis included all code for which we've developed
direct dependent code as well as those we depend on transitively.  The
results of that analysis have concluded in the current LICENSE file
included with our build as found here:

https://github.com/apache/incubator-nifi/blob/develop/LICENSE

We have licenses which are consistent with those called out in
http://www.apache.org/legal/resolved.html#category-a

We have the following license dependencies from the list known as 'Category
A'
- BSD (2-clause)
- BSD (3-clause)
- MIT

We have the following license dependencies from the list known as 'Category
B'
- CDDL 1.0
- CDDL 1.1
- MPL 2.0
- EPL 1.0

And a few dependencies listed as 'public domain'.

We have no dependencies listed from the disallowed list.  During the
analysis it revealed three dependencies which did violate the rules but
those have been addressed in NIFI-183.

I believe the LICENSE and NOTICE files have been updated appropriately.

With your permission I'd like to consider these as resolved (though we do
recognize that we have to keep these up to date).

Thank you
Joe
Reply | Threaded
Open this post in threaded view
|

Re: [Mentor request] Validate the verification of distribution rights

Brock Noland
Hi,

Based on what I see, this looks really good. I was going to just spot check
the libraries included in your binary build but got the error below.

The only thing I would add is add a check to validate this as part of your
release process.

Brock

[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-assembly-plugin:2.5.2:assembly (default-cli)
on project nifi-parent: Error reading assemblies: No assembly descriptors
found. -> [Help 1]

On Sun, Dec 21, 2014 at 6:08 PM, Joe Witt <[hidden email]> wrote:

> Mentors,
>
> I believe based on completing analysis of the all of our dependencies and
> their related licenses that we should now be considered complete for the
> following two incubation items categorized as 'Verify Distribution Rights':
>
> ***
> 1). Check and make sure that for all code included with the distribution
> that is not under the Apache license, we have the right to combine with
> Apache-licensed code and redistribute.
> 2). Check and make sure that all source code distributed by the project is
> covered by one or more of the following approved licenses: Apache, BSD,
> Artistic, MIT/X, MIT/W3C, MPL 1.1, or something with essentially the same
> terms.
> ***
>
> I believe the analysis of all of our dependencies and research into all of
> their applicable copyrights, licenses, etc.  that we have covered these
> requirements.  The analysis included all code for which we've developed
> direct dependent code as well as those we depend on transitively.  The
> results of that analysis have concluded in the current LICENSE file
> included with our build as found here:
>
> https://github.com/apache/incubator-nifi/blob/develop/LICENSE
>
> We have licenses which are consistent with those called out in
> http://www.apache.org/legal/resolved.html#category-a
>
> We have the following license dependencies from the list known as 'Category
> A'
> - BSD (2-clause)
> - BSD (3-clause)
> - MIT
>
> We have the following license dependencies from the list known as 'Category
> B'
> - CDDL 1.0
> - CDDL 1.1
> - MPL 2.0
> - EPL 1.0
>
> And a few dependencies listed as 'public domain'.
>
> We have no dependencies listed from the disallowed list.  During the
> analysis it revealed three dependencies which did violate the rules but
> those have been addressed in NIFI-183.
>
> I believe the LICENSE and NOTICE files have been updated appropriately.
>
> With your permission I'd like to consider these as resolved (though we do
> recognize that we have to keep these up to date).
>
> Thank you
> Joe
>
Reply | Threaded
Open this post in threaded view
|

Re: [Mentor request] Validate the verification of distribution rights

Joe Witt
Brock,

What directory were you in when attempting to do the build of the assembly?

The 'assembly' directory is where the good stuff is at.

So from root you can do:

mvn -T2.0C clean install
cd assembly
mvn assembly:assembly
cd target
cd nifi.../nifi....

if you do './bin/nifi.sh start' then nifi will explode out all the jars and
such.  You can then go to ./work

Do something like 'find -type f| grep jar' to get a listing of all jars.

Thanks
joe

On Mon, Dec 29, 2014 at 3:31 PM, Brock Noland <[hidden email]> wrote:

> Hi,
>
> Based on what I see, this looks really good. I was going to just spot check
> the libraries included in your binary build but got the error below.
>
> The only thing I would add is add a check to validate this as part of your
> release process.
>
> Brock
>
> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-assembly-plugin:2.5.2:assembly (default-cli)
> on project nifi-parent: Error reading assemblies: No assembly descriptors
> found. -> [Help 1]
>
> On Sun, Dec 21, 2014 at 6:08 PM, Joe Witt <[hidden email]> wrote:
>
> > Mentors,
> >
> > I believe based on completing analysis of the all of our dependencies and
> > their related licenses that we should now be considered complete for the
> > following two incubation items categorized as 'Verify Distribution
> Rights':
> >
> > ***
> > 1). Check and make sure that for all code included with the distribution
> > that is not under the Apache license, we have the right to combine with
> > Apache-licensed code and redistribute.
> > 2). Check and make sure that all source code distributed by the project
> is
> > covered by one or more of the following approved licenses: Apache, BSD,
> > Artistic, MIT/X, MIT/W3C, MPL 1.1, or something with essentially the same
> > terms.
> > ***
> >
> > I believe the analysis of all of our dependencies and research into all
> of
> > their applicable copyrights, licenses, etc.  that we have covered these
> > requirements.  The analysis included all code for which we've developed
> > direct dependent code as well as those we depend on transitively.  The
> > results of that analysis have concluded in the current LICENSE file
> > included with our build as found here:
> >
> > https://github.com/apache/incubator-nifi/blob/develop/LICENSE
> >
> > We have licenses which are consistent with those called out in
> > http://www.apache.org/legal/resolved.html#category-a
> >
> > We have the following license dependencies from the list known as
> 'Category
> > A'
> > - BSD (2-clause)
> > - BSD (3-clause)
> > - MIT
> >
> > We have the following license dependencies from the list known as
> 'Category
> > B'
> > - CDDL 1.0
> > - CDDL 1.1
> > - MPL 2.0
> > - EPL 1.0
> >
> > And a few dependencies listed as 'public domain'.
> >
> > We have no dependencies listed from the disallowed list.  During the
> > analysis it revealed three dependencies which did violate the rules but
> > those have been addressed in NIFI-183.
> >
> > I believe the LICENSE and NOTICE files have been updated appropriately.
> >
> > With your permission I'd like to consider these as resolved (though we do
> > recognize that we have to keep these up to date).
> >
> > Thank you
> > Joe
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: [Mentor request] Validate the verification of distribution rights

Brock Noland
OK, I thought I could run that from the root.

LGTM

On Mon, Dec 29, 2014 at 3:22 PM, Joe Witt <[hidden email]> wrote:

> Brock,
>
> What directory were you in when attempting to do the build of the assembly?
>
> The 'assembly' directory is where the good stuff is at.
>
> So from root you can do:
>
> mvn -T2.0C clean install
> cd assembly
> mvn assembly:assembly
> cd target
> cd nifi.../nifi....
>
> if you do './bin/nifi.sh start' then nifi will explode out all the jars and
> such.  You can then go to ./work
>
> Do something like 'find -type f| grep jar' to get a listing of all jars.
>
> Thanks
> joe
>
> On Mon, Dec 29, 2014 at 3:31 PM, Brock Noland <[hidden email]> wrote:
>
> > Hi,
> >
> > Based on what I see, this looks really good. I was going to just spot
> check
> > the libraries included in your binary build but got the error below.
> >
> > The only thing I would add is add a check to validate this as part of
> your
> > release process.
> >
> > Brock
> >
> > [ERROR] Failed to execute goal
> > org.apache.maven.plugins:maven-assembly-plugin:2.5.2:assembly
> (default-cli)
> > on project nifi-parent: Error reading assemblies: No assembly descriptors
> > found. -> [Help 1]
> >
> > On Sun, Dec 21, 2014 at 6:08 PM, Joe Witt <[hidden email]> wrote:
> >
> > > Mentors,
> > >
> > > I believe based on completing analysis of the all of our dependencies
> and
> > > their related licenses that we should now be considered complete for
> the
> > > following two incubation items categorized as 'Verify Distribution
> > Rights':
> > >
> > > ***
> > > 1). Check and make sure that for all code included with the
> distribution
> > > that is not under the Apache license, we have the right to combine with
> > > Apache-licensed code and redistribute.
> > > 2). Check and make sure that all source code distributed by the project
> > is
> > > covered by one or more of the following approved licenses: Apache, BSD,
> > > Artistic, MIT/X, MIT/W3C, MPL 1.1, or something with essentially the
> same
> > > terms.
> > > ***
> > >
> > > I believe the analysis of all of our dependencies and research into all
> > of
> > > their applicable copyrights, licenses, etc.  that we have covered these
> > > requirements.  The analysis included all code for which we've developed
> > > direct dependent code as well as those we depend on transitively.  The
> > > results of that analysis have concluded in the current LICENSE file
> > > included with our build as found here:
> > >
> > > https://github.com/apache/incubator-nifi/blob/develop/LICENSE
> > >
> > > We have licenses which are consistent with those called out in
> > > http://www.apache.org/legal/resolved.html#category-a
> > >
> > > We have the following license dependencies from the list known as
> > 'Category
> > > A'
> > > - BSD (2-clause)
> > > - BSD (3-clause)
> > > - MIT
> > >
> > > We have the following license dependencies from the list known as
> > 'Category
> > > B'
> > > - CDDL 1.0
> > > - CDDL 1.1
> > > - MPL 2.0
> > > - EPL 1.0
> > >
> > > And a few dependencies listed as 'public domain'.
> > >
> > > We have no dependencies listed from the disallowed list.  During the
> > > analysis it revealed three dependencies which did violate the rules but
> > > those have been addressed in NIFI-183.
> > >
> > > I believe the LICENSE and NOTICE files have been updated appropriately.
> > >
> > > With your permission I'd like to consider these as resolved (though we
> do
> > > recognize that we have to keep these up to date).
> > >
> > > Thank you
> > > Joe
> > >
> >
>
Reply | Threaded
Open this post in threaded view
|

Re: [Mentor request] Validate the verification of distribution rights

Joe Witt
Thanks Brock.  I've updated those on the incubator status.  If anyone
disagrees or finds an issue please ring the bell.

Thanks
Joe

On Mon, Dec 29, 2014 at 5:18 PM, Brock Noland <[hidden email]> wrote:

> OK, I thought I could run that from the root.
>
> LGTM
>
> On Mon, Dec 29, 2014 at 3:22 PM, Joe Witt <[hidden email]> wrote:
>
> > Brock,
> >
> > What directory were you in when attempting to do the build of the
> assembly?
> >
> > The 'assembly' directory is where the good stuff is at.
> >
> > So from root you can do:
> >
> > mvn -T2.0C clean install
> > cd assembly
> > mvn assembly:assembly
> > cd target
> > cd nifi.../nifi....
> >
> > if you do './bin/nifi.sh start' then nifi will explode out all the jars
> and
> > such.  You can then go to ./work
> >
> > Do something like 'find -type f| grep jar' to get a listing of all jars.
> >
> > Thanks
> > joe
> >
> > On Mon, Dec 29, 2014 at 3:31 PM, Brock Noland <[hidden email]>
> wrote:
> >
> > > Hi,
> > >
> > > Based on what I see, this looks really good. I was going to just spot
> > check
> > > the libraries included in your binary build but got the error below.
> > >
> > > The only thing I would add is add a check to validate this as part of
> > your
> > > release process.
> > >
> > > Brock
> > >
> > > [ERROR] Failed to execute goal
> > > org.apache.maven.plugins:maven-assembly-plugin:2.5.2:assembly
> > (default-cli)
> > > on project nifi-parent: Error reading assemblies: No assembly
> descriptors
> > > found. -> [Help 1]
> > >
> > > On Sun, Dec 21, 2014 at 6:08 PM, Joe Witt <[hidden email]> wrote:
> > >
> > > > Mentors,
> > > >
> > > > I believe based on completing analysis of the all of our dependencies
> > and
> > > > their related licenses that we should now be considered complete for
> > the
> > > > following two incubation items categorized as 'Verify Distribution
> > > Rights':
> > > >
> > > > ***
> > > > 1). Check and make sure that for all code included with the
> > distribution
> > > > that is not under the Apache license, we have the right to combine
> with
> > > > Apache-licensed code and redistribute.
> > > > 2). Check and make sure that all source code distributed by the
> project
> > > is
> > > > covered by one or more of the following approved licenses: Apache,
> BSD,
> > > > Artistic, MIT/X, MIT/W3C, MPL 1.1, or something with essentially the
> > same
> > > > terms.
> > > > ***
> > > >
> > > > I believe the analysis of all of our dependencies and research into
> all
> > > of
> > > > their applicable copyrights, licenses, etc.  that we have covered
> these
> > > > requirements.  The analysis included all code for which we've
> developed
> > > > direct dependent code as well as those we depend on transitively.
> The
> > > > results of that analysis have concluded in the current LICENSE file
> > > > included with our build as found here:
> > > >
> > > > https://github.com/apache/incubator-nifi/blob/develop/LICENSE
> > > >
> > > > We have licenses which are consistent with those called out in
> > > > http://www.apache.org/legal/resolved.html#category-a
> > > >
> > > > We have the following license dependencies from the list known as
> > > 'Category
> > > > A'
> > > > - BSD (2-clause)
> > > > - BSD (3-clause)
> > > > - MIT
> > > >
> > > > We have the following license dependencies from the list known as
> > > 'Category
> > > > B'
> > > > - CDDL 1.0
> > > > - CDDL 1.1
> > > > - MPL 2.0
> > > > - EPL 1.0
> > > >
> > > > And a few dependencies listed as 'public domain'.
> > > >
> > > > We have no dependencies listed from the disallowed list.  During the
> > > > analysis it revealed three dependencies which did violate the rules
> but
> > > > those have been addressed in NIFI-183.
> > > >
> > > > I believe the LICENSE and NOTICE files have been updated
> appropriately.
> > > >
> > > > With your permission I'd like to consider these as resolved (though
> we
> > do
> > > > recognize that we have to keep these up to date).
> > > >
> > > > Thank you
> > > > Joe
> > > >
> > >
> >
>