[CONTROLLER-2069] Import atomix-storage into controller.git Created: 30/Jan/23  Updated: 19/Apr/23  Resolved: 01/Mar/23

Status: Resolved
Project: controller
Component/s: clustering
Affects Version/s: None
Fix Version/s: 7.0.5

Type: Task Priority: Medium
Reporter: Robert Varga Assignee: Robert Varga
Resolution: Done Votes: 0
Labels: pt
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Blocks
blocks CONTROLLER-2071 Switch to our fork of atomix-storage Resolved

 Description   

atomix.io has switched its implementation to Go and the Java implementation has been archived.

This is problematic, as the last release depends on an ancient Kryo version and upgrade requires API-incompatible changes.

The code is licensed under APL2, so this should not be a problem.

We only require atomix-storage and atomix-utils (as a dependency). Import atomix-archive.git/(storage/utils) into controller.git/third-party/atomix directory with full history, so that we have:

/third-party                // parent directory
/third-party/atomix         // parent directory
/third-party/atomix/storage // code&history from atomix-archive.git/storage
/third-party/atomix/utils   // code&history from atomix-archive.git/utils

In the controller repository.

 Comments   
Comment by Robert Varga [ 01/Mar/23 ]

The results of conversation with LF iT is that we cannot import the history due to lack of Developer Certificate of Origin in all of the commits made to the atomix repo.
Furtunately the inbound code scan done as part of the LFIT issue resulted in, quoteth:

 
Here are the results from the open source license intake scan for atomix.

LFN OpenDaylight - atomix-archive - License Intake Scan & Analysis

  • This intake scan is a static analysis of the source code in your repository. A dependency scan was not performed. Once a project is added to LFX https://security.lfx.linuxfoundation.org, we can use SNYK to view a dependency scan for both licenses and vulnerabilities.

Code Scanned: pulled 27-FEB-2023
https://github.com/atomix/atomix-archive

Project License: Top level project license was found: Apache 2.0

SPDX license identifiers: License info was present in file headers, SPDX license identifiers were not found. I recommend that these be included in every source file header. [see https://spdx.dev/ids]

Permissive licenses: Apache-2.0

Copyleft licenses: None found

Proprietary licenses: None found

License conflicts: None found

Binary / package files: None found

Third party code / dependencies: None found

  • NOTE: Open source licenses for any third party dependencies were not investigated as part of the intake scan, so not all potential license conflicts are reported here.

Third party notice file: None found.

SUMMARY FINDINGS: No license conflicts found. All code in the scanned directories is under the Apache 2.0 license. There should be no issues combining this code with your ODL project under the EPL-1.0 license. No information on third party dependencies was available.

Comment by Robert Varga [ 01/Mar/23 ]

This means that while we do not get to import the git history, we are okay to import the code as-is.

Generated at Wed Feb 07 19:57:07 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.