From f86fa1cbbb9c5fb22a3e62da9343259f17e16084 Mon Sep 17 00:00:00 2001 From: Isuru Fernando Date: Wed, 26 Feb 2020 00:54:05 -0600 Subject: [PATCH 01/11] Removing packages that violate the terms of the source package --- cfep-12.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 cfep-12.md diff --git a/cfep-12.md b/cfep-12.md new file mode 100644 index 0000000..1952993 --- /dev/null +++ b/cfep-12.md @@ -0,0 +1,33 @@ + + + + + + + + + +
Title Removing packages that violate the terms of the source package
Status Draft
Author(s) Isuru Fernando <isuruf@gmail.com>
Created Feb 26, 2020
Updated Aug 30, 2016
Discussion NA
Implementation NA
+ +## Abstract + +Source packages that we use to create conda packages have terms and conditions that allow +us to redistribute the package in binary form. This CFEP codifies the conduct when these +violations are reported. + +## Implementation + +When a violation is brought to the attention of the Core team, the feedstock maintenance +team should be made aware by the Core team in a github issue on the feedstock and notified using the +github handle. + +A specified time period would be given to the maintenance team to respond to the claim and +a specified time period would be given to address the issue. + +If the issue is not addressed after the specified time period, the package will be moved +to the broken label. + + +## Copyright + +All CFEPs are explicitly [CC0 1.0 Universal](https://creativecommons.org/publicdomain/zero/1.0/). From 817e3c40dd38e51466d01feb7ab3daa2edb5d576 Mon Sep 17 00:00:00 2001 From: Isuru Fernando Date: Wed, 26 Feb 2020 09:53:33 -0600 Subject: [PATCH 02/11] Update cfep-12.md Co-Authored-By: Christopher J. Wright --- cfep-12.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cfep-12.md b/cfep-12.md index 1952993..a974ffb 100644 --- a/cfep-12.md +++ b/cfep-12.md @@ -4,7 +4,7 @@ Status Draft Author(s) Isuru Fernando <isuruf@gmail.com> Created Feb 26, 2020 - Updated Aug 30, 2016 + Updated Feb 26, 2020 Discussion NA Implementation NA From 316158cf75be8c578dc3145a7c4ccbfa578306d1 Mon Sep 17 00:00:00 2001 From: Isuru Fernando Date: Wed, 26 Feb 2020 09:54:11 -0600 Subject: [PATCH 03/11] Update cfep-12.md --- cfep-12.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cfep-12.md b/cfep-12.md index a974ffb..f48e690 100644 --- a/cfep-12.md +++ b/cfep-12.md 
@@ -19,7 +19,7 @@ violations are reported. When a violation is brought to the attention of the Core team, the feedstock maintenance team should be made aware by the Core team in a github issue on the feedstock and notified using the -github handle. +github handles of the maintenance team members. A specified time period would be given to the maintenance team to respond to the claim and a specified time period would be given to address the issue. From 6ee70a78719428ac3a282e14a67067a22efce333 Mon Sep 17 00:00:00 2001 From: Isuru Fernando Date: Wed, 26 Feb 2020 10:51:47 -0600 Subject: [PATCH 04/11] Make it a week --- cfep-12.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cfep-12.md b/cfep-12.md index f48e690..a4ccc0f 100644 --- a/cfep-12.md +++ b/cfep-12.md @@ -21,8 +21,8 @@ When a violation is brought to the attention of the Core team, the feedstock mai team should be made aware by the Core team in a github issue on the feedstock and notified using the github handles of the maintenance team members. -A specified time period would be given to the maintenance team to respond to the claim and -a specified time period would be given to address the issue. +A week would be given to the maintenance team to respond to the claim and +a week would be given to address the issue. If the issue is not addressed after the specified time period, the package will be moved to the broken label. From e50d32450d11228cce67cd190624086f60e30054 Mon Sep 17 00:00:00 2001 From: Isuru Fernando Date: Wed, 26 Feb 2020 11:35:53 -0600 Subject: [PATCH 05/11] Update cfep-12.md --- cfep-12.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cfep-12.md b/cfep-12.md index a4ccc0f..00de229 100644 --- a/cfep-12.md +++ b/cfep-12.md 
@@ -22,7 +22,8 @@ team should be made aware by the Core team in a github issue on the feedstock an github handles of the maintenance team members. A week would be given to the maintenance team to respond to the claim and -a week would be given to address the issue. +another week would be given to address the issue. The feedstock maintenance team +may ask to extend the deadlines. If the issue is not addressed after the specified time period, the package will be moved to the broken label. From 437c7c0c2a846f4ef8e7cacdd11e56e49e3a3b51 Mon Sep 17 00:00:00 2001 From: Isuru Fernando Date: Tue, 3 Mar 2020 14:55:23 -0600 Subject: [PATCH 06/11] Update cfep-12.md Co-Authored-By: Matthew R. Becker --- cfep-12.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/cfep-12.md b/cfep-12.md index 00de229..debfb62 100644 --- a/cfep-12.md +++ b/cfep-12.md 
@@ -28,7 +28,21 @@ may ask to extend the deadlines. If the issue is not addressed after the specified time period, the package will be moved to the broken label. - +We suggest a message to the maintainers along the following lines + + Hi! We (`@conda-forge/core`) have noticed that this package does not have + the license file required for us to be able to distribute this code. Nearly every + open-source license has such a requirement. It is extremely important that we + at `conda-forge` respect license restrictions and requirements such as this one + so that we can be good stewards of the open-source community. + + We are requesting that you add the correct license file to this feedstock. + If this is not done within two weeks, the packages from this feedstock be + moved to the broken label. If you'd like to extend this deadline or need + to discuss something with us, please feel free to respond to this issue. + + We also very much appreciate the time you have taken to maintain this + feedstock and your understanding on this issue! ## Copyright All CFEPs are explicitly [CC0 1.0 Universal](https://creativecommons.org/publicdomain/zero/1.0/). From 3e3373842d0fe866cd2422f9403e980bdff25f6f Mon Sep 17 00:00:00 2001 From: Isuru Fernando Date: Tue, 10 Mar 2020 12:29:39 -0500 Subject: [PATCH 07/11] Add more details --- cfep-12.md | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/cfep-12.md b/cfep-12.md index debfb62..36083e3 100644 --- a/cfep-12.md +++ b/cfep-12.md 
@@ -25,8 +25,37 @@ A week would be given to the maintenance team to respond to the claim and another week would be given to address the issue. The feedstock maintenance team may ask to extend the deadlines. -If the issue is not addressed after the specified time period, the package will be moved -to the broken label. +If the issue is not addressed after the specified time period, the package will be moved using +one of the following. + + 1. Move the package to a private channel accessible only by core. + + This is done if the violation is about terms of redistribution + Moving to a private channel that's available to only core makes the package in-house + and will not be distributed. + + OR + + 2. Delete the package + + If the violation is not about terms of redistribution, but modifying the package by + creating a binary package, or if it's about storing the package in the cloud, + then the package will be deleted. + + To do this, two core members must volunteer to archive the package locally. + + +To address the issue, the following conditions must be met, + + 1. The recipe must be fixed according to the terms of the package. + + 2. Existing package must be fixed according to the terms of the package + + To facilitate this, infrastructure will be provided to add a file to the package. + (For eg: to add a copyright notice to the package). + If the violation cannot be fixed by adding a file to the package, the packages + have to be deleted or moved according to the previous guidelines. + We suggest a message to the maintainers along the following lines From ae3c58bc88562666a4f7554bb9989df418532ff6 Mon Sep 17 00:00:00 2001 From: Isuru Fernando Date: Tue, 10 Mar 2020 12:32:42 -0500 Subject: [PATCH 08/11] moved->made private --- cfep-12.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cfep-12.md b/cfep-12.md index 36083e3..bb2aa2d 100644 --- a/cfep-12.md +++ b/cfep-12.md 
@@ -54,7 +54,7 @@ To address the issue, the following conditions must be met, To facilitate this, infrastructure will be provided to add a file to the package. (For eg: to add a copyright notice to the package). If the violation cannot be fixed by adding a file to the package, the packages - have to be deleted or moved according to the previous guidelines. + have to be deleted or made private according to the previous guidelines. We suggest a message to the maintainers along the following lines From e97969a43e07a73e48759174b836f170a382c4e3 Mon Sep 17 00:00:00 2001 From: Isuru Fernando Date: Tue, 10 Mar 2020 12:45:42 -0500 Subject: [PATCH 09/11] Add details on how to fix the package --- cfep-12.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cfep-12.md b/cfep-12.md index bb2aa2d..03aec4e 100644 --- a/cfep-12.md +++ b/cfep-12.md @@ -52,7 +52,13 @@ To address the issue, the following conditions must be met, 2. Existing package must be fixed according to the terms of the package To facilitate this, infrastructure will be provided to add a file to the package. - (For eg: to add a copyright notice to the package). + (For eg: to add a copyright notice to the package). conda-package-handling (CPH) + can be used for extracting the package, adding a file and creating a new package. + This fixed package will be forced pushed. + + Note that this would change the md5sum of the package and the repodata will be + fixed in the next CDN update. No downtime is expected. + If the violation cannot be fixed by adding a file to the package, the packages have to be deleted or made private according to the previous guidelines. From c8f67cc1b06aaaa1a61c35a7978590d3f7b29b94 Mon Sep 17 00:00:00 2001 From: Isuru Fernando Date: Tue, 10 Mar 2020 13:01:34 -0500 Subject: [PATCH 10/11] Maybe there's a downtime --- cfep-12.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cfep-12.md b/cfep-12.md index 03aec4e..57bc1fb 100644 --- a/cfep-12.md 
+++ b/cfep-12.md @@ -57,7 +57,7 @@ To address the issue, the following conditions must be met, This fixed package will be forced pushed. Note that this would change the md5sum of the package and the repodata will be - fixed in the next CDN update. No downtime is expected. + fixed in the next CDN update. Downtime is expected to be half an hour. If the violation cannot be fixed by adding a file to the package, the packages have to be deleted or made private according to the previous guidelines. From a9c1ee93b091be4b44d1fdedbde5cb06b0e46deb Mon Sep 17 00:00:00 2001 From: Isuru Fernando Date: Tue, 10 Mar 2020 14:35:34 -0500 Subject: [PATCH 11/11] Don't force push --- cfep-12.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/cfep-12.md b/cfep-12.md index 57bc1fb..66fb3f3 100644 --- a/cfep-12.md +++ b/cfep-12.md 
@@ -54,10 +54,14 @@ To address the issue, the following conditions must be met, To facilitate this, infrastructure will be provided to add a file to the package. (For eg: to add a copyright notice to the package). conda-package-handling (CPH) can be used for extracting the package, adding a file and creating a new package. - This fixed package will be forced pushed. + This fixed package will be forced pushed. The new package will have a build string + appended or prepended depending on the use case. (For eg: blas=*=*_netlib will + have a build string prepended and hdf5=*=mpi_* will have build string appended.) - Note that this would change the md5sum of the package and the repodata will be - fixed in the next CDN update. Downtime is expected to be half an hour. + After the new packages are uploaded, the repodata will be patched for exact + pinnings and the old package removed from the CDN index. + + When the repodata patching is live, the old packages will be removed. (Keep a copy somewhere?) If the violation cannot be fixed by adding a file to the package, the packages have to be deleted or made private according to the previous guidelines.
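Review bot: In PATCH 01/11 the Abstract says the CFEP covers "these violations" but never says what a violation is; the sentence before it only states that source packages have terms that allow binary redistribution. Suggest defining the term in the Abstract itself, for example as a conda package that is built or distributed in a way the source package's terms do not permit, so the Implementation section has something concrete to refer to.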
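Review bot: In PATCH 06/11 the suggested message has a missing verb in "the packages from this feedstock be moved to the broken label"; it should read "will be moved". The template is also written only for a missing license file, while the CFEP covers any violation of the source package's terms, so consider marking the first paragraph as one example or leaving a slot for the specific violation being reported.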
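Review bot: In PATCH 07/11 the rewritten sentence "the package will be moved using one of the following" no longer matches its own list, because option 2 deletes the package rather than moving it, and the broken label has dropped out of the procedure while the suggested message from PATCH 06/11 still tells maintainers the packages will go to the broken label. Suggest wording such as "will be handled in one of the following ways" and updating the message template in the same change. Option 2 also says two core members "must volunteer" to archive the package locally without saying what happens if nobody does.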
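Review bot: In PATCH 11/11 the subject is "Don't force push", yet the added line still opens with "This fixed package will be forced pushed." before describing the new build string, so the text now describes two incompatible procedures. Suggest deleting that sentence. The last added paragraph also leaves "(Keep a copy somewhere?)" as an open question in normative text and repeats the removal of the old packages already stated in the paragraph above it; decide whether a copy is kept and state the removal once, with its ordering relative to the repodata patch.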