Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Import atomix-storage into controller.git

Description

atomix.io has switched its implementation to Go and the Java implementation has been archived.

This is problematic, as the last release depends on an ancient Kryo version and upgrade requires API-incompatible changes.

The code is licensed under APL2, so this should not be a problem.

We only require atomix-storage and atomix-utils (as a dependency). Import atomix-archive.git/(storage/utils) into controller.git/third-party/atomix directory with full history, so that we have:

/third-party // parent directory /third-party/atomix // parent directory /third-party/atomix/storage // code&history from atomix-archive.git/storage /third-party/atomix/utils // code&history from atomix-archive.git/utils

In the controller repository.

Activity

Show:

Robert Varga March 1, 2023 at 10:44 PM

This means that while we do not get to import the git history, we are okay to import the code as-is.

Robert Varga March 1, 2023 at 10:43 PM

The results of conversation with LF iT is that we cannot import the history due to lack of Developer Certificate of Origin in all of the commits made to the atomix repo.
Furtunately the inbound code scan done as part of the LFIT issue resulted in, quoteth:

 
Here are the results from the open source license intake scan for atomix.

LFN OpenDaylight - atomix-archive - License Intake Scan & Analysis

  • This intake scan is a static analysis of the source code in your repository. A dependency scan was not performed. Once a project is added to LFX https://security.lfx.linuxfoundation.org, we can use SNYK to view a dependency scan for both licenses and vulnerabilities.

Code Scanned: pulled 27-FEB-2023

https://github.com/atomix/atomix-archive

Project License: Top level project license was found: Apache 2.0

SPDX license identifiers: License info was present in file headers, SPDX license identifiers were not found. I recommend that these be included in every source file header. [see https://spdx.dev/ids]

Permissive licenses: Apache-2.0

Copyleft licenses: None found

Proprietary licenses: None found

License conflicts: None found

Binary / package files: None found

Third party code / dependencies: None found

  • NOTE: Open source licenses for any third party dependencies were not investigated as part of the intake scan, so not all potential license conflicts are reported here.

Third party notice file: None found.

SUMMARY FINDINGS: No license conflicts found. All code in the scanned directories is under the Apache 2.0 license. There should be no issues combining this code with your ODL project under the EPL-1.0 license. No information on third party dependencies was available.

Done

Details

Assignee

Reporter

Labels

Components

Fix versions

Priority

Created January 30, 2023 at 7:27 PM
Updated April 19, 2023 at 9:12 PM
Resolved March 1, 2023 at 11:39 PM