Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[] Improving license check for dependencies

Hi all,

In the spirit of reducing friction, I'd like to share a little about my week in trying to get some CQs approved.  I work on a project called GeoMesa which has dependencies on two different ecosystems: Java-based geospatial and Apache Software Foundation 'big data' projects (like HBase, Cassandra, etc).  (Consequently, GeoMesa has entered over 400 CQs over its lifetime.)

For an upcoming release, we are upgrading versions of our Apache projects.  I tossed in 4 CQs* for ASF code.  All of the versions are upgrades of software projects which have already been approved.

In order to make sure that we don't miss something, we wait for Eclipse approval in IPZilla before merging a PR with a dependency change.  (We've got a little bit of scripting with Maven's Dependency plugin which helps us monitor this.  Let me know if you are interested; I'd be happy to share more info.)

I'm hitting a few pieces of slow down / friction / frustration.

First, I am required to get PMC approval for each CQ.  It took me two days of pinging my fellow PMCers to get one of them to vote +1 and click 4 boxes in IPZilla.

Second, now that the CQs are back to the 'new' status, and I am completely unsure what the next steps are.  Does anyone know how long the automated checks take to run?

Third, each of projects is an Apache Software Foundation project for which previous versions have been used by Eclipse projects.  I know there's always a chance that something goes screwy with licensing in any project at any time.  That said, if any of these CQs fail an automated check, then I imagine an Eclipse employee is gonna have a task to open the CQ, they'd see that it is an ASF project and click 'approve'.

Anyhow, apologies for venting.  Thanks for reading, thanks in advance for any suggestions.  For my position, I think there are some changes we could make:

1. Remove the need to get PMC approval.

2. Provide some way to get faster approval for version upgrades.

Either of those approaches would make my life better.  Together, 95% of my frustration with IP concerns would be gone.

As the AC, what are we in a position to recommend / request?



* Interested in watching from home, the CQs are here:

Back to the top