Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HADOOP-16895. [thirdparty] Revisit LICENSEs and NOTICEs #6

Merged
merged 1 commit into from Mar 11, 2020
Merged

HADOOP-16895. [thirdparty] Revisit LICENSEs and NOTICEs #6

merged 1 commit into from Mar 11, 2020

Conversation

vinayakumarb
Copy link
Contributor

No description provided.

@vinayakumarb vinayakumarb self-assigned this Feb 28, 2020
@vinayakumarb
Copy link
Contributor Author

@aajisaka Could you please review this?

@aajisaka
Copy link
Member

aajisaka commented Mar 2, 2020

Source release

We don't have to include the dependencies in LICENSE and NOTICE files.

Binary release

LICENSE-binary and NOTICE-binary should contain protobuf, jaegartracing, and all their dependencies (such as gson). In addition, we should include LICENSE-binary and NOTICE-binary files in the jar files.

Details: http://www.apache.org/dev/licensing-howto.html

@aajisaka
Copy link
Member

aajisaka commented Mar 2, 2020

FYI: apache/hbase-thirdparty@0a39137

@vinayakumarb
Copy link
Contributor Author

Thanks @aajisaka, I will update accordingly.

@vinayakumarb
Copy link
Contributor Author

@aajisaka Updated the PR to include License-binary and NOTICE-binary as LICENCE.txt and NOTICE.txt and all other Non-ALV2 licenses under /META-INF/licences-binary inside shaded jars.

Please review.

@aajisaka aajisaka requested review from aajisaka and elek March 3, 2020 04:45
aajisaka
aajisaka approved these changes Mar 3, 2020
View reviewed changes
Copy link
Member

@aajisaka aajisaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1
Hi @elek, would you check this?

elek
elek reviewed Mar 5, 2020
View reviewed changes
Copy link
Member

@elek elek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much to create this patch @vinayakumarb.

TLDR; Overall it looks good to me, but I would do a cp NOTICE.txt NOTICE-binary.

In more details:

I learned all of my knowledge about licensing from the workshops from Justin Mclean. I might be wrong (If I misunderstood something), but here is what is my understanding.

  1. source package: we don't package any external code here (ideally Yetus is excluded), so the current LICENSE/NOTICE looks good.

  2. binary packages: we don't have the traditional tar binary package, just maven artifacts.

As a main rule, we need separated LICENSE.txt and mention the LICENSE of all the included files

Current approach seems to be fine:

unzip -l hadoop-shaded-jaeger/target/hadoop-shaded-jaeger-1.1.0-SNAPSHOT.jar

unzip -p hadoop-shaded-jaeger/target/hadoop-shaded-jaeger-1.1.0-SNAPSHOT.jar META-INF/LICENSE.txt

unzip -l hadoop-shaded-protobuf_3_7/target/hadoop-shaded-protobuf_3_7-1.1.0-SNAPSHOT.jar

unzip -p hadoop-shaded-protobuf_3_7/target/hadoop-shaded-protobuf_3_7-1.1.0-SNAPSHOT.jar META-INF/LICENSE.txt

They seems to be in sync, I can see only packages which are mentioned in the LICENSE.

binary licenses are also included:

unzip -l hadoop-shaded-protobuf_3_7/target/hadoop-shaded-protobuf_3_7-1.1.0-SNAPSHOT.jar | grep lice

Strictly speaking we have no protobuf in the jaeger jar and no jaeger in the protobuf file but I don't think it's a big problem.

  1. NOTICE file

We maintain NOTICE file only because it should be done according to the ASF license:

4.d If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear
  1. We don't need to do anything with an external NOTICE file if we use something which is not under Apache license. (BSD, MIT licenses don't ask us to do anything. We don't need to add any content).
  2. If the used library is Apache AND it contains a NOTICE, we should copy the content of the external NOTICE to our NOTICE.

As I see we use multiple Apache dependencies, but I can't see a NOTICE in any of them. Therefore we can keep NOTICE-binary as empty as the NOTICE of the src.

(Strictly speaking there is one other usage of NOTICE. During the donation of the code to Apache, some notices from the sources can be moved to the NOTICE file, but it almost never happens...)

@vinayakumarb
Copy link
Contributor Author

Thanks @elek
I have made NOTICE-binary 'lightweight' by removing 'non-mandatory' mentions of all 3rd-party dependencies.

  • Apache Thrift and Kotlin do provide NOTICE files. So copied kept those contents alone in NOTICE-binary.
  • jetbrains' java-annotation alone have copyright mention in their ALv2 txt, so copied entire licence under licences-binary.
  • keeping both NOTICE.txt and NOTICE-binary in jars.

Hope I have addressed all your concerns. Please review.

elek
elek approved these changes Mar 10, 2020
View reviewed changes
Copy link
Member

@elek elek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 LGTM

Thanks the update @vinayakumarb You were more precious than me.

Will commit this tomorrow morning if nobody else.

@asfgit asfgit merged commit a11c32c into apache:trunk Mar 11, 2020
@vinayakumarb
Copy link
Contributor Author

Thanks @elek and @aajisaka for reviews. Merged this to trunk and will cherry-pick to branch-1.0 for another RC

@elek
Copy link
Member

elek commented Mar 11, 2020

Thank you very much the work @vinayakumarb (And sorry for the occasionally delayed answer...)

asfgit pushed a commit that referenced this pull request Mar 11, 2020
@vinayakumarb
HADOOP-16895. [thirdparty] Revisit LICENSEs and NOTICEs (#6)
622b2dd
asfgit pushed a commit that referenced this pull request Mar 11, 2020
@vinayakumarb
HADOOP-16895. [thirdparty] Revisit LICENSEs and NOTICEs (#6)
3395253 
addendum to avoid rat check failure for NOTICE-binary
asfgit pushed a commit that referenced this pull request Mar 11, 2020
@vinayakumarb
HADOOP-16895. [thirdparty] Revisit LICENSEs and NOTICEs (#6)
9213756 
addendum to avoid rat check failure for NOTICE-binary
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elek elek elek approved these changes

@aajisaka aajisaka aajisaka approved these changes

Assignees

@vinayakumarb vinayakumarb

Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@vinayakumarb @aajisaka @elek @asfgit