Track LICENSE and NOTICE issues for `incubator-openwhisk`

[mrutkows]

Please use this issue to track any issues surrounding either the LICENSE.txt or NOTICE.txt file for the associated repository listed in the title.

Open Issues/PRs:

• Issue #122 - Documentation requirements for LogBack (default logger) - (release repo.)
• Issue #3607 - Change the JDK to use openjdk8-openj9
• Issue #137 - JDK license issue for the runtime Java

Closed Issues/Merged PRs:

• PR #3550 - Add the licenses of the dependencies into LICENSE
• PR #3522 - Update notice file
  • Review NOTICE file for main openwhisk repo. #75
• PR #3565 - Add license headers to files under ansible folder
  • Issue #3264 - A list of source files miss Apache license headers
• PR #3566 - Add license headers to 67 files
  • Issue #3555 - Do test files need license headers?
• PR #3596 - Add short license header to test data files
• PR #3601 - Change the LICENSE file into the correct format defined in openwhisk release
• PR #3602 - Update build to use latest scancode .cfg for .md and .sh
• PR #3624 - Replace WALA Pair with clean new Pair.
  • PR #3620 - Remove Eclipse license header and IBM copyright from a test file (closed)
  • Issue Replace or remove Pair.java from main openwhisk repo. #142
• PR #3626 - Add ASF license headers to all Scala .conf files.
• PR #3659 - Assure all Dockerfiles have ASF header.
• PR #3666 - Use Minified ASF License header in Ansible YAML files.
  • Issue #3660 - Python (*.py) and YAML (.yml) files missing ASF license headers
• PR #3670 - Add ASF Headers to .groovy source files.
• PR #3684 - Update last, edge-case files without ASF headers
• PR #3702 - Add ASF license to optional XML files and last gradle file
  • Reverted by Christian as it broke IBM private PG...
  • See #3705 and #3708
• PR #3703 - Add the license and notice for ConcurrentMapBackedCache.scala
  • Issue #152 - Lightbend copyright appears, no LICENSE attribution
• PR #3705 - Revert "Add ASF license to optional XML files and last gradle file
• PR #3708 - Single build.gradle file missing ASF license header
• PR #3717 - Update Travis to use ASF-Release.cfg.
• PR #3720 - Update the document regarding Open JDK and Oracle JDK

Related PRs:

• PR #155 - Add the tests directory back to the source code release, release now includes "tests" sub-directory.
• PR #154 - Provide per-repo., file-level ASF license header exclusion listing

Notes: Please use this issue to document directories/files (by extension) or individual files we have decided will not require a LICENSE header because it falls under an allowed Apache category (see https://www.apache.org/legal/src-headers.html)

[mrutkows]

The question came up about how we should (or even if we should) list services and tooling the project depends upon to build and run.
For example, we need Ansible and CouchDB (until a Memory Artifactory is completed) (see https://github.com/apache/incubator-openwhisk/blob/master/tools/travis/setup.sh)

[mrutkows]

Opened Issue: https://github.com/apache/incubator-openwhisk-release/issues/122

With the noted library use in LICENSE of "logback: which uses LGPL, have we done enough? After reading the advice in URL below, we address #2, but can we address #1?

https://softwareengineering.stackexchange.com/questions/86142/what-exactly-do-i-need-to-do-if-i-use-a-lgpl-licenced-library/86158

as noted logback is default logger as per docs: https://github.com/apache/incubator-openwhisk/blob/925500cf8d34bb75bebd077ea057af236eba0b01/docs/logging.md

Default Logging Provider

OpenWhisk uses Logback as default logging provider via slf4j.

Logback can be configured in the configuration file logback.xml.

Besides other things this configuration file defines the default log level for OpenWhisk. 
Akka Logging inherits the log level defined here.

If we can show another logger over the same Interface this could satisfy #1

[daisy-ycguo]

We should add below files the exclusion list

configurations:

  openwhisk/ansible/group_vars/all
  openwhisk/ansible/environments/docker-machine/group_vars/all
  openwhisk/ansible/environments/distributed/group_vars/all
  openwhisk/ansible/environments/distributed/files/openstack/openstack.env
  openwhisk/ansible/environments/distributed/hosts
  openwhisk/ansible/environments/vagrant/group_vars/all
  openwhisk/ansible/environments/vagrant/hosts
  openwhisk/ansible/environments/local/group_vars/all
  openwhisk/ansible/ansible.cfg
  openwhisk/ansible/files/package-versions.ini
  openwhisk/tools/eclipse/scala.properties
  openwhisk/tools/eclipse/java.xml
  openwhisk/tools/build/scanCode.cfg
  openwhisk/tools/jenkins/apache/dockerhub.groovy
  openwhisk/core/invoker/src/main/resources/application.conf
  openwhisk/core/controller/src/main/resources/application.conf
  openwhisk/core/controller/src/main/resources/reference.conf
  openwhisk/common/scala/src/main/resources/logback.xml
  openwhisk/common/scala/src/main/resources/logging.conf
  openwhisk/common/scala/src/main/resources/application.conf
  openwhisk/common/scala/src/main/resources/reference.conf
  openwhisk/performance/gatling_tests/src/gatling/resources/conf/logback.xml
  openwhisk/performance/wrk_tests/post.lua

legal documents

  openwhisk/CREDITS.txt
  openwhisk/licenses/LICENSE-scala.txt
  openwhisk/licenses/LICENSE-apachehttpcomponentsclient.txt
  openwhisk/licenses/LICENSE-pureconfig.txt
  openwhisk/licenses/LICENSE-logbackclassic.txt
  openwhisk/licenses/LICENSE-jsr305.txt

Very short files without any creativity

  openwhisk/actionRuntimes/python2Action/Dockerfile
  openwhisk/actionRuntimes/swift4.1Action/Dockerfile
  openwhisk/actionRuntimes/nodejs6Action/Dockerfile
  openwhisk/actionRuntimes/javaAction/Dockerfile
  openwhisk/actionRuntimes/swift3.1.1Action/Dockerfile
  openwhisk/actionRuntimes/nodejs8Action/Dockerfile
  openwhisk/actionRuntimes/actionProxy/Dockerfile
  openwhisk/actionRuntimes/pythonAction/Dockerfile
  openwhisk/actionRuntimes/php7.1Action/Dockerfile
  openwhisk/sdk/docker/Dockerfile

We need to change RAT config and scan tool config to exclude these files. Issue #125 is created.

[daisy-ycguo]

Two PRs are created: https://github.com/apache/incubator-openwhisk/pull/3566 https://github.com/apache/incubator-openwhisk/pull/3565

[mrutkows]

@houshengbo @daisy-ycguo It appears that a performance test was recently added to main openwhisk repo. (under performance dirctory) which is of type ".lua" and has no license.

See PR https://github.com/apache/incubator-openwhisk/pull/3527

This means either we work to document this as a ASF license header exclusion (1 line file) and also, now document a LUA dependency, or work with community (and PR authors) to change required test dependencies.

[mrutkows]

@daisy-ycguo @houshengbo Added exclusion for "performance" directory for main openwhisk: PR https://github.com/apache/incubator-openwhisk-utilities/pull/26

[mrutkows]

@daisy-ycguo @houshengbo Carlos and I were chatting about a PR for scancode and we started talking about the new "performance" directory under main openwhisk. It now has new dependencies...

here is what we need to look at closely as these may not have public licenses...

Need to see the license on the docker image we use `williamyeh/wrk`
https://hub.docker.com/r/williamyeh/wrk/

Carlos found:

hyis one doesn’t seem to have a license:
https://github.com/William-Yeh/docker-wrk/blob/master/Dockerfile
GitHub
William-Yeh/docker-wrk
docker-wrk - A minimal wrk image for Docker - Modern HTTP benchmarking tool.
checking `FROM williamyeh/ansible:mini-alpine3`

Carlos commented:

`performance` folder can be deleted and not included in the release .tgz
same for `tests` no need it in the release.tgz
but nice to include if possible
Found it
wrk is Apache 2.0 https://github.com/wg/wrk/blob/master/LICENSE
GitHub
wg/wrk
wrk - Modern HTTP benchmarking tool

Carlos then found the downstream deps:

then wrk depends on LUAJIT and OpenSSL https://github.com/wg/wrk/blob/master/INSTALL#L11
GitHub
wg/wrk
wrk - Modern HTTP benchmarking tool

[daisy-ycguo]

@mrutkows I don't quite understand the reason to exclude the whole performance folder. Do you want to exclude only .lua files from header checking ? or you want to exclude LUA dependency from legal files ?

[mrutkows]

@daisy-ycguo what Carlos is saying, and I agree, is that we may need to exclude these tests from any release packaging.

Carlos seems to have found that the perf. test tool has an Apache 2 license... https://github.com/wg/wrk/blob/master/LICENSE

@daisy-ycguo again, this is a TRACKING issue to record/track/discuss issues we encounter that MAY affect license file for each repo. I have not asked anyone to do anything at this point.

[mrutkows]

(my comment)... perhaps we should move “performance” under “tests” dir. to clarify and simplify our exclusions (both in docs and in release tooling)

[daisy-ycguo]

A PR https://github.com/apache/incubator-openwhisk/pull/3596 is proposed to add short license header to test data files.

I also found that below files should be excluded from license header checking. I will update the document and pom.xml later.

  openwhisk/tests/dat/apigw/testswaggerdocinvalid
  openwhisk/tests/dat/apigw/testswaggerdoc2
  openwhisk/tests/dat/apigw/testswaggerdoc1
  openwhisk/tests/src/test/resources/application.conf.j2

[daisy-ycguo]

Add openwhisk/tests/dat/actions/empty.js to exclusion list because it will cause test fail if adding header.