Update dependencies and remove juju/errors #79
Conversation
|
Hi contributor, thanks for your PR. This patch needs to be approved by someone of admins. They should reply with "/ok-to-test" to accept this PR for running test automatically. |
|
/run-all-tests |
|
@csuzhangxc @WangXiangUSTC PTAL; also cc @iamxy @GregoryIan for TOOL-390. |
|
@gregwebs PTAL |
LICENSE.txt
Outdated
| PingCAP CONFIDENTIAL | ||
| ____________________ | ||
|
|
||
| [2015] - [2018] PingCAP Incorporated |
There was a problem hiding this comment.
IANAL, but I think this should say "Copyright" somewhere.
There was a problem hiding this comment.
Also, I think this project was created after 2015.
There was a problem hiding this comment.
There's still no update on TOOL-390 so far. We could still change it (if needed) before the 2.1 GA release I think.
There was a problem hiding this comment.
This is much better now. But you should change 2015 to the date the project started.
There was a problem hiding this comment.
I've changed it to Copyright (C) 2017 - 2018 PingCAP Incorporated
|
Thank you! Getting easier to distribute properly now. I will be putting license check tooling in the SRE repo. |
|
There is just one lib (go-sql-driver/mysql) that requires making its source code available. It seems like we use this just for an error type. Its odd to me that we would check an error type from that package rather than from tidb. |
|
@gregwebs Thanks for the check! While If we need to avoid MPL-2.0, the only alternative I could find is I'm not sure if "making its source available" means the library itself or its dependency. Lemme check the license itself. |
|
So I believe the relevant parts are:
Here Larger Work = Additional info:
|
|
It would also be nice to send a similar vendor update PR to tidb-inspect-tools. It looks like the mysql driver is imported there but not used? |
|
Oh, so same thing in tidb-inspect-tools where it uses sql.Open |
|
We can use MPL code or LGPL code, just not GPL. LGPL/MPL requires source distribution with the binary, which in general we are not in compliance with right now (although where we offer downloads from github we probably are). It would have been nice to not be concerned about source distribution since at this point we essentially just have the mysql driver and one k8s dependency that require source distribution. But it looks like we do need the MySQL driver, so we will have to develop our MPL/LGPL source distribution process. |
|
Just checked |
|
LGTM |
Removed the goyacc step since the parser has been moved out. For now we rely on `git checkout` to recover the parser until v3.0.0-alpha is tagged
|
(Updated TiDB from RC3 to RC4) |
kennytm
force-pushed
the
kennytm/update-dependencies-and-remove-juju-error
branch
3 times, most recently
from
6d01ce3 to
2a67cc6
Compare
Jenkin's open file limit is somehow reduced to 65536, and the default tikv requirement is 40960*2+1000 = 82920, causing CI failing to start the integration tests. Here we reduce the number to 4096*2+1000 = 9192 via explicit config.
kennytm
force-pushed
the
kennytm/update-dependencies-and-remove-juju-error
branch
from
2a67cc6 to
d249213
Compare
|
/run-all-tests |
|
@WangXiangUSTC PTAL |
|
@gregwebs @iamxy so for https://internal.pingcap.net/confluence/display/PIN/Software+License+-+Compliance, what exactly we should do to be compliant?
|
|
PingCAP CONFIDENTIAL applies to the source code which we do not distribute and is not a EULA. I don't think we have a EULA for our binaries, that is a separate issue from compliance. We should not include PingCAP CONFIDENTIAL in the release. |
|
Yes, we should concat all license and notice files. We can put the source in the tarball or we can put it in a publicly available location, perhaps a S3/GCS referenced in the release tarball. |
|
We could just point to https://github.com/go-sql-driver/mysql/tree/v1.4.0 in the NOTICE file I guess, similar to that of prometheus/client_golang |
|
It's easy in go to concat all the license and notice from vendor. Just pointing to the source code for MPL is not enough. We need to distribute the source ourselves with the binary. |
|
LGTM |
Replaced
juju/errorsbypingcap/errors(exported aspkg/errorsdue to howpingcap/tidbimports it) (LGPL-v3 → BSD-2-clause)Updated
pingcap/tidbto v2.1.0-rc.4 to entirely removejuju/errorsfrom the vendor.pingcap/pdto v2.1.0-rc.4pingcap/kvprototo certain masterpingcap/tipbto certain mastergolang/protobufbygogo/protobuf(BSD-3-clause)opentracing/basictracer-go(Apache-2.0)Removed the
golang.org/x/netdependency as we can use the built-incontextpackage (the two are interchangeable after Go 1.7 anyway)Removed the explicit dependency on
pingcap/tidb-toolsandsiddontang/go, we're not using glide anymoreUpdated some direct dependencies:
BurntSushi/tomlfrom v0.3.0 to v0.3.1 (WTFPL → MIT)prometheus/client_golangfrom v0.8.0 to v0.9.0sirupsen/logrusfrom v0.11.6 to v1.1.1golang.org/x/systo certain mastergoogle.golang.org/grpcfrom v1.12.0 to v1.15.0Added the commercial license