This issue gathers information about blockers and progress towards our first ASF release.
Superset has a super wide, deep, and dynamic dependency tree. Bumping a single library can create licensing issues that are hard to catch.
FOSSA seems like the perfect tooling to do this, yet the ASF infra team won't let us install it (https://issues.apache.org/jira/browse/INFRA-18719). Here's FOSSA pointing to my fork of Superset.
https://app.fossa.com/projects/git%2Bgithub.com%2Fmistercrunch%2Fsuperset/refs/branch/master/78d46fa18d6acf9823261678ba9a16b1aad3e451/browse/licenses
Note that FOSSA offers a CLI (haven't dug into it yet) that we may be able to leverage in CI. Also note that other projects at the ASF use Fossology, which doesn't seem to be as modern / GH-integrated.
Some previous work I did on licenses, to help with the eventual "convenience release" which would package minified JS, and thus would need a dynamically generated LICENSE file.
https://github.com/apache/incubator-superset/pull/5801
See the [barely used] archives https://mail-archives.apache.org/mod_mbox/superset-dev/201905.mbox/browser for previous attempts.
_"FOSSA seems like the perfect tooling to do this, yet the ASF infra team won't let us install it."_
For the sake of the community, can ASF not make an exception for FOSSA? We have been without an official release for way too long.
_"Unfortunately, this requires permissions we can't allow, namely repo:write and webhook/service:write"_ Is there a workaround here to not break what I assume is some internal guideline/process?
Found and implemented a solution to use the FOSSA CLI.
I'll email legal and follow up with the PIL licensing issue. I did some research and it appears that the PIL license is virtually identical to the BSD 0 clause license. I created a JIRA ticket (https://issues.apache.org/jira/browse/LEGAL-472) and will follow up about that.
UPDATE: The Apache legal team accepted the PIL license as a CatA license which means that it CAN be included in an Apache project.
Oh nice! I pushed a release candidate to the mailing list this AM!
I saw! So if the licensing issue with PIL is resolved, what other issues can I assist with?
Is my understanding correct from this PR that an official release might be around the corner?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.