GeoServer Provenance Review

jdeolive edited this page Jun 11, 2014 · 1 revision

GeoServer code provenance review, covering issues raised for each module in GeoServer. The goal here is to check the headers (fill them in if needed) and confirm that the information is correct. We can also list JIRA issues against any inconsistencies discovered.

Key Definition
not checked yet
(!) check in progress
(!)(x) check is stuck, header or license requires developer attention
(/)(/) checked, all clear
(/)(!) checked, warning (missing information)
(/)(x) checked, fix me! requires developer attention

Manual Review

Source Code

We are carefully checking java source file headers here, and exploring git (or even svn) history to double check where files came from.

We are less concerned with test cases, and test-data (as these are not distributed to end-users).

Extensions

Core

  • (/) - Karin / JG
  • (/) - JG
  • (/)
  • (/) - a lot of missing headers here

Community (EXCLUDED)

This review is limited to modules we are distributing for download to end-users. Community modules are considered a work in progress and will be reviewed when they are ready to be added to the project.

In a similar fashion build support modules and test plugins are not reviewed.

  • community

Build (EXCLUDED)

Build files also do not end up in the final distribution and are excluded from this review:

  • maven/archetype
  • maven/config
  • maven/findbugs

Documentation

Documentation is expected to be under a license such as Creative Commons by Attribution:

Data

This is the data we distribute; we want to ensure we have obtained permission.

Data

The priority is the data bundled with our application:

  • https://github.com/geoserver/geoserver/tree/master/data/release
    • (/) GEOS-5466 (http://jira.codehaus.org/browse/GEOS-5466) Check release data license
      • ARC Sample: "Data provided by GeoSolutions with distribution permissions"
      • (/) IMG Sample: "Data provided by GeoSolutions with distribution permissions"
      • MOSAIC Sample: "Data provided by GeoSolutions with distribution permissions"
      • New York City: "Data provided by Open Planning Project with distribution permissions"
      • Data provided by GRASS
      • States: Comes from GeoTools sample data, and was simplified to reduce space usage. GeoTools copy came from Census data, though the original download file cannot be found at present.
    • (/) Tasmania - Cameron indicates data derived from Digital Chart of the World
    • (/) Update README.rst with details

With other data bundles as a second priority:

App-Schema

Minimal

We are not very worried about the test data included as part of the application build, it is not something end users run with.

CITE

Assume these have been provided by the OGC, we should have a LICENSE.TXT or something crediting the OGC.

  • https://github.com/geoserver/geoserver/tree/master/data/citecsw-2.0.2
  • https://github.com/geoserver/geoserver/tree/master/data/citewcs-1.0 (OGC does not provide data)
  • https://github.com/geoserver/geoserver/tree/master/data/citewcs-1.1
  • https://github.com/geoserver/geoserver/tree/master/data/citewfs-1.0
  • https://github.com/geoserver/geoserver/tree/master/data/citewfs-1.1-h2
  • https://github.com/geoserver/geoserver/tree/master/data/citewfs-1.1
  • https://github.com/geoserver/geoserver/tree/master/data/citewms-1.1
  • https://github.com/geoserver/geoserver/tree/master/data/citewms-1.3

Research shows:

Automated

The manual review was backed up with an automated QA check.

Searches Used

Find files that do not have standard header:

find . -name "*.java" -print0 | xargs -0 grep -E -L -i '(.+)Copyright(.+)TOPP(.+)'

Files that do not have any header:

(?m)package

List the .java files that DON'T include the text 'TOPP':

grep -rL 'TOPP' * | grep '\.java$'
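The searches above only split files into "mentions TOPP" and "does not". The following is an added example, not part of the original review or of the GeoServer build: it sorts files into the cases this page distinguishes (standard header, no header, generated file, header needing review). The function names `classify_header`, `shortlist` and `make_samples` are hypothetical, the sample files are constructed, and accepting OpenPlans alongside TOPP as the project holder is an assumption based on the expected header shown further down.

```shell
#!/bin/sh
# Added example: sort .java files by the comment block that precedes "package".

# classify_header FILE -> generated | missing | review | standard
classify_header() {
    # Preamble: every line before the first uncommented package statement.
    preamble=$(sed '/^[[:space:]]*package[[:space:]]/,$d' "$1")
    if printf '%s\n' "$preamble" | grep -q 'Generated By:'; then
        echo generated   # build output; the grammar file carries the header
    elif ! printf '%s\n' "$preamble" | grep -q '[^[:space:]]'; then
        echo missing     # nothing at all before the package line
    elif ! printf '%s\n' "$preamble" |
            grep -Eiq 'Copyright.*(TOPP|OpenPlans)'; then
        echo review      # a header, but not the project one (Apache, LGPL, ...)
    elif printf '%s\n' "$preamble" | grep -Ei 'copyright|\(c\)' |
            grep -Eivq 'TOPP|OpenPlans'; then
        echo review      # project header that also names another holder
    else
        echo standard
    fi
}

# shortlist DIR: print "status<TAB>path" for every file that is not standard.
shortlist() {
    find "$1" -name '*.java' | sort | while IFS= read -r f; do
        status=$(classify_header "$f")
        [ "$status" = standard ] || printf '%s\t%s\n' "$status" "${f#"$1"/}"
    done
}

# make_samples DIR: constructed files modelled on the headers quoted on this page.
make_samples() {
    printf '%s\n' \
        '/* Copyright (c) 2005-2013 OpenPlans - www.openplans.org. All rights reserved.' \
        ' * This code is licensed under the GPL 2.0 license, available at the root' \
        ' * application directory.' ' */' \
        'package org.example.a;' > "$1/Standard.java"
    printf '%s\n' 'package org.example.b;' '' '/** Javadoc only, no header. */' \
        'public class NoHeader {}' > "$1/NoHeader.java"
    printf '%s\n' '/* Generated By:JJTree: Do not edit this line. Node.java */' \
        'package org.example.c;' > "$1/Generated.java"
    printf '%s\n' '/*' \
        ' * Copyright (c) 2007 - 2013 OpenPlans - www.openplans.org. All rights reserved.' \
        ' * Copyright 2003 Example Author' ' */' \
        'package org.example.d;' > "$1/Mixed.java"
    printf '%s\n' '/*' \
        ' * This code is free software; you can redistribute it and/or' \
        ' * modify it under the terms of the GNU Lesser General Public License.' \
        ' */' 'package org.example.e;' > "$1/Lgpl.java"
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
shortlist "$demo_dir"
rm -rf "$demo_dir"
```

A file with no package statement at all is reported as `review`, because its whole body counts as preamble.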

Automated Shortlist

The following files have headers, but they are not the normal TOPP header - thus we know these are worth more attention ( (/) good, (!) missing headers, (x) fix me):

validation

  • (/) extension/validation/src/main/java/org/vfny/geoserver/config/validation/ArgumentConfig.java (GEOS-5426)
  • (/) extension/validation/src/main/java/org/vfny/geoserver/config/validation/ValidationConfig.java (GEOS-5426)
  • (/) extension/validation/src/main/java/org/vfny/geoserver/global/GeoValidator.java (GEOS-5426)

imagemap

  • (/) extension/imagemap/src/main/java/org/vfny/geoserver/wms/responses/map/htmlimagemap/Decimator.java

wps

  • (/) extension/wps/wps-core/src/main/java/org/geoserver/wps/ppio/JAIToolsRangeConverterFactory.java
  • (/) extension/wps/wps-core/src/main/java/org/geoserver/wps/resource/CoverageResource.java - missing header
  • (/) extension/wps/wps-core/src/main/java/org/geoserver/wps/resource/GridCoverageResource.java - missing header

gwc

  • (/) gwc/src/main/java/org/geoserver/gwc/dispatch/package-info.java - missing header

main

  • (/) main/test/org/vfny/geoserver/config/ValidationTest.java - GEOS-5455
  • main/src/main/java/org/vfny/geoserver/global/xml/NameSpaceElement.java - GEOS-5455
  • main/src/main/java/org/vfny/geoserver/global/xml/GMLSchemaTranslator.java - GEOS-5455
  • main/src/main/java/org/vfny/geoserver/global/xml/XMLSchemaTranslator.java - GEOS-5455
  • main/src/main/java/org/vfny/geoserver/global/xml/NameSpaceTranslatorFactory.java - GEOS-5455
  • main/src/main/java/org/vfny/geoserver/global/xml/NameSpaceTranslator.java - GEOS-5455
  • main/src/main/java/org/vfny/geoserver/filters/SetCharacterEncodingFilter.java - Apache License Version 2.0 (GEOS-5470)
  • (/) main/src/main/java/org/geoserver/jai/JAIInfo.java - seems fine?
  • (/) main/src/main/java/org/geoserver/filters/GZIPFilter.java GEOS-5460
  • (/) main/src/main/java/org/geoserver/filters/GZIPResponseWrapper.java GEOS-5460
  • (/) main/src/main/java/org/geoserver/filters/GZIPResponseStream.java GEOS-5460

ows

  • (/) ows/src/main/java/org/geoserver/ows/util/RewindableInputStream.java GEOS-5454
  • (/) ows/src/main/java/org/geoserver/ows/util/UCSReader.java GEOS-5453

release

  • (/) release/installer/mac/console/src/main/java/org/geoserver/console/Browser.java GEOS-5456

rest

  • (/) rest/src/test/java/org/geoserver/rest/FormatTest.java.patch - um that looks like an accident (removed file)

wcs

  • (/) wcs/src/main/java/org/geoserver/wcs/CoverageCleanerCallback.java - missing header

wcs11

  • wcs11/src/main/java/org/geoserver/wcs/xml/v111/bindings/TimeSequenceTypeBinding.java
  • (/) wcs11/src/main/java/org/geoserver/wcs/xml/v11_1/bindings/TimePeriodTypeBinding.java GEOS-5459

web core

  • (/) web/core/src/test/java/org/geoserver/web/ComponentBuilder.java - empty header

wfs

  • (/) wfs/src/main/java/org/geoserver/wfs/xml/NameSpaceElement.java (GEOS-5455)
  • (/) wfs/src/main/java/org/geoserver/wfs/xml/GMLSchemaTranslator.java (GEOS-5455)
  • (/) wfs/src/main/java/org/geoserver/wfs/xml/XMLSchemaTranslator.java (GEOS-5455)
  • (/) wfs/src/main/java/org/geoserver/wfs/xml/NameSpaceTranslatorFactory.java (GEOS-5455)
  • (/) wfs/src/main/java/org/geoserver/wfs/xml/NameSpaceTranslator.java (GEOS-5455)
  • (/) wfs/src/main/java/org/geoserver/wfs/JoinExtractingVisitor.java - missing header

wms

  • (/) wms/src/test/java/org/geoserver/wms/WMSFilterMosaicTestSupport.java - missing header
  • (/) wms/src/test/java/org/geoserver/wms/decoration/ScaleRatioDecorationTest.java
  • (/) wms/src/test/java/org/geoserver/wms/map/quantize/ColorIndexerTest.java - GeoTools LGPL header (GEOS-5468)
  • (/) wms/src/test/java/org/geoserver/wms/wms11_1/LayerGroupWorkspaceTest.java - missing header
  • (/) wms/src/main/java/org/geoserver/wms/map/quantize/ColorIndexerCRIF.java - GeoTools LGPL header (GEOS-5468)
  • (/) wms/src/main/java/org/geoserver/wms/map/quantize/ColorIndexerOpImage.java
  • (/) wms/src/main/java/org/geoserver/wms/map/quantize/ColorIndexerDescriptor.java

Expectations and Examples

There has been a request for expectations and examples.

Expected Header

Here is what we are expecting for a header:

/* Copyright (c) 2005-2013 OpenPlans - www.openplans.org. All rights reserved.
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */

What can we tell:

  • Contributor signed a code contribution agreement
  • File was created in 2005
  • File was last modified in 2013
  • The code will pass out of copyright in 2133 (ie 120 years)
  • Just because we run a compiler past it does not automatically mean we update the date
  • Same probably goes for a pretty printer or search and replace (we are interested in protecting human authors here)

Example of a Normal File

Here is what most of the headers look like:

/* Copyright (c) 2001 - 2011 TOPP - www.openplans.org. All rights reserved.
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */

What can we tell:

  • Contributor signed a code contribution agreement
  • The default header for GeoServer indicated © 2001 (so if you really care about start date you could double check the file history)
  • The header was last modified (by hand) in 2011
  • The name of the organisation has changed

Result:

/* Copyright (c) 2001 - 2011 OpenPlans - www.openplans.org. All rights reserved.
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */

Example of a New File

Here is what headers for a newly created file look like:

/* Copyright (c) 2012 TOPP - www.openplans.org. All rights reserved.
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */

What can we tell:

  • Contributor signed a code contribution agreement
  • This file has just been added to the code base in 2012
  • The name of the organisation has changed to OpenPlans

Result

/* Copyright (c) 2012 OpenPlans - www.openplans.org. All rights reserved.
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */

Example of Apache License

/*
 * The Apache Software License, Version 1.1
 *
 *
 * Copyright (c) 2000-2002 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Xerces" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact [email protected].
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation and was
 * originally based on software copyright (c) 1999, International
 * Business Machines, Inc., http://www.apache.org.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 */

//package org.apache.xerces.impl.io;

What we can tell:

  • File was provided under the Apache license
  • Created in 2000, updated in 2002 (so we have a copy of an old file here!)
  • License terms are fairly clear

Actions:

  • Double check we have reproduced the license (note we are not changing the license)
  • Double check we have acknowledged our software contains some Apache code as requested

Example of LGPL from GeoTools

package org.geotools.referencing.operation.projection;

import org.geotools.metadata.iso.citation.Citations;
import org.geotools.referencing.NamedIdentifier;
import org.opengis.parameter.ParameterDescriptor;
import org.opengis.parameter.ParameterDescriptorGroup;
import org.opengis.parameter.ParameterNotFoundException;
import org.opengis.parameter.ParameterValueGroup;
import org.opengis.referencing.operation.CylindricalProjection;
import org.opengis.referencing.operation.MathTransform;

/**
 * Mercator 1SP variation used by Google, which basically requires to accept lat/lon values
 * as spherical coordinates, that is, avoiding to do any conversion from ellipsoid to the sphere.
 * @author Andrea Aime
 * @deprecated Since GeoTools 2.4.0 there is no need to use this custom projection anymore, use 
 *             the WKT definition suggested in {@link http://jira.codehaus.org/browse/GEOT-1511}
 *             instead
 */
public class Mercator1SPGoogle extends Mercator {

What we can tell:

  • No header - but package name and comment indicate this was from GeoTools
  • GeoTools 2.4.0 gives us an idea of when this was last modified

Actions:

  • Raise an issue: [https://jira.codehaus.org/browse/GEOS-5457]

  • Update the header to indicate we are providing this under GPL (default action for a missing header)

  • GeoServer and GeoTools have a standing arrangement: as a GeoServer contributor we need to send an email asking for a file to the geotools-devel email list. This is acknowledged by a GeoTools PMC member (or an alternate suggestion made).

  • When reusing code from any project we record where we got it from in the header (and under what license if necessary):

    /* Copyright (c) 2004-2012 OpenPlans - www.openplans.org. All rights reserved.
     *           (c) 2003-2004 Open Source Geospatial Foundation (LGPL)
     *
     * This code is licensed under the GPL 2.0 license, available at the root
     * application directory.
     */

For additional examples see the GeoTools project.

Example of Generated File

Some of the Java files are generated as part of the build.

/* Generated By:JJTree: Do not edit this line. ASTAxisId.java */
package org.geoserver.wcs.kvp.rangesubset;

What we can tell:

  • In this case the original grammar file is considered the source code (and should have a header comment)
  • We do not expect the individually generated files to have GPL headers.

Example from Tutorial or Magazine Code

Some of the code has been pulled from example code, as such the license story needs to be checked a bit differently (this is common for code examples).

  • GZIPResponseStream and related files are based on a code example

https://jira.codehaus.org/browse/GEOS-5460

/*
 * Copyright 2003 Jayson Falkner ([email protected])
 * This code is from "Servlets and JavaServer pages; the J2EE Web Tier",
 * http://www.jspbook.com. You may freely use the code both commercially
 * and non-commercially. If you like the code, please pick up a copy of
 * the book and help support the authors, development of more free code,
 * and the JSP/Servlet/J2EE community.
 *
 * Modified by David Winslow <[email protected]>
 */

Here is what we can tell:

  • The code can be used freely (yay!) and commercially (geoserver based projects), so we are in keeping with the spirit of the header
  • We can update the header to document our use of the file, but we are not changing the license

Result:

/*
 * Copyright (c) 2007 - 2013 OpenPlans - www.openplans.org. All rights reserved.
 * Copyright 2003 Jayson Falkner ([email protected])
 *
 * This code is from "Servlets and JavaServer pages; the J2EE Web Tier",
 * http://www.jspbook.com. You may freely use the code both commercially
 * and non-commercially. If you like the code, please pick up a copy of
 * the book and help support the authors, development of more free code,
 * and the JSP/Servlet/J2EE community.
 *
 * Modified by David Winslow <[email protected]> on 2007-12-13.
 */

Example using Version Control History to Recover Authorship

BEFORE

    /*
     * This code is free software; you can redistribute it and/or
     * modify it under the terms of the GNU Lesser General Public 
     * License as published by the Free Software Foundation; either 
     * version 2.1 of the License, or (at your option) any later version.
     *
     * This code is distributed in the hope that it will be useful,
     * but WITHOUT ANY WARRANTY; without even the implied warranty of
     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
     * GNU Lesser General Public License for more details.
     *
     * You should have received a copy of the GNU Lesser General Public 
     * License along with this program; if not, write to the Free 
     * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, 
     * MA  02111-1307, USA.
     */

What we can tell:

  • Header is not telling us who contributed the file; checking GitHub history indicates it was Andrea Aime in 2011
  • Header indicates Andrea has provided us this file as LGPL (perhaps not on purpose?)
  • Further inspection (in the class javadoc) shows this code is Copyright 1999-2001 by Eric Albert, and can be used as long as we preserve the following comment:

/*
 * This code is Copyright 1999-2001 by Eric Albert ([email protected])
 * and may be redistributed or modified in any form without restrictions as
 * long as the portion of this comment from this paragraph through the end of
 * the comment is not removed. The author requests that he be notified of
 * any application, applet, or other binary that makes use of this code, but
 * that's more out of curiosity than anything and is not required. This
 * software includes no warranty. The author is not repsonsible for any loss
 * of data or functionality or any adverse or unexpected effects of using
 * this software.
 *
 * Credits:
 * Steven Spencer, JavaWorld magazine
 * (Java Tip 66)
 * Thanks also to Ron B. Yeh, Eric Shapiro, Ben Engber, Paul Teitlebaum,
 * Andrea Cantatore,
 * Larry Barowski, Trevor Bedzek, Frank Miedrich, and Ron Rabakukk
 */

Actions:

  • Raise an issue: https://jira.codehaus.org/browse/GEOS-5456
  • Contact the Author to clarify their intentions about LGPL
  • In this case Andrea has signed a code contribution agreement, and LGPL is compatible with GPL
  • So we can probably go ahead and change the header to:

/* Copyright (c) 2011-2012 OpenPlans - www.openplans.org. All rights reserved.
 *           (c) 1999-2001 Eric Albert ([email protected]) 
 *
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 * 
 * This code is Copyright 1999-2001 by Eric Albert ([email protected]) 
 * and may be redistributed or modified in any form without restrictions as 
 * long as the portion of this comment from this paragraph through the end of 
 * the comment is not removed.  The author requests that he be notified of 
 * any application, applet, or other binary that makes use of this code, but 
 * that's more out of curiosity than anything and is not required.  This 
 * software includes no warranty.  The author is not repsonsible for any loss 
 * of data or functionality or any adverse or unexpected effects of using 
 * this software.
 * <p>
 * Credits:
 * <br>Steven Spencer, JavaWorld magazine 
 * (<a href="http://www.javaworld.com/javaworld/javatips/jw-javatip66.html">
 * Java Tip 66</a>)
 * <br>Thanks also to Ron B. Yeh, Eric Shapiro, Ben Engber, Paul Teitlebaum, 
 * Andrea Cantatore,
 * Larry Barowski, Trevor Bedzek, Frank Miedrich, and Ron Rabakukk
 */