creadur-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: [VOTE] Release Apache Rat 0.12 RC2
Date Thu, 02 Jun 2016 12:09:34 GMT
The distribution directory contains pom.xml and a jar.
These are not normally part of the ASF mirror release and should
presumably be removed before publication.

The md5 files don't look quite right; for example:

$ cat apache-rat-0.12-src.zip.md5
990295a357c340e0d386b64ff542771e  -

The trailing '  -' is unusual.
Either it should be removed, or the file name should be present.
Similarly for the .sha1 files.
Note that the previous release used plain files with no trailing file names.

The .asc.md5 and .asc.sha1 files are useless and should be dropped.

The various source archives have valid sigs and hashes, and they agree
with each other.

However there is a problem with the source archives. The file

apache-rat-plugin/src/test/resources/unit/it1/.bzrignore

is present in the source tag but is missing from all the source archives.

As such, I have to vote:

-1

S.
P.S. The reason for including the SVN revisions and hashes is to
ensure that the released code can be traced back to the official vote.

Likewise, it is vital that the source archives agree with the SVN tag.
It's not really feasible to check license compatibility for each and
every file in the archive at RC vote time.
So it is assumed that files in SVN have been vetted for license compatibility.

This is all essential for establishing proper provenance.

On 29 May 2016 at 15:11, sebb <sebbaz@gmail.com> wrote:
> On 28 May 2016 at 09:18, Jochen Wiedmann <jochen.wiedmann@gmail.com> wrote:
>> The following things have changed, compared to RC1:
>>
>>   - NOTICE file has been updated.
>>   - KEYS file moved to the release tree.
>>   - RELEASE_NOTES.txt has been removed, there's now only one.
>>   - Links to apache-rat-gradle have been eliminated.
>>
>> Source Tag:
>>
>>   https://svn.apache.org/repos/asf/creadur/rat/tags/apache-rat-project-0.12-RC2/
>
> The SVN revision should really be included since tags are not immutable.
>
> I assume you are referring to r1745841.
>
>> Proposed distribution:
>>
>>   https://dist.apache.org/repos/dist/dev/creadur/apache-rat-0.12RC2
>
> SVN revision: I assume this is r13824
>
>> Proposed KEYS:
>>
>>   https://dist.apache.org/repos/dist/release/creadur/KEYS
>
> Should really link to the actual KEYS at
>
> https://www.apache.org/dist/creadur/KEYS
>
>> Proposed site:
>>
>>   https://home.apache.org/~jochen/site-rat-0.12RC2/
>>
>> Proposed Maven repository:
>>
>>   https://repository.apache.org/content/repositories/orgapachecreadur-1003
>
> This is not a permanent URL.
> I'm not sure it's possible to trace back the deployed Maven artifacts
> to the vote email without some additional info, e.g. the hashes for
> the artifacts.
> So here are the ones downloaded from Nexus:
>
> apache-rat-0.12.jar.md5:405a824f964acc5154f18cc4f1c49ef4
> apache-rat-0.12.pom.md5:07fb1e255fb5cb732c9a171ec41c8a08
> apache-rat-api-0.12-javadoc.jar.md5:cfb9bf6098016df162279eaec542abf6
> apache-rat-api-0.12-sources.jar.md5:76523117803d48b33d5397ed6d7d6a69
> apache-rat-api-0.12.jar.md5:b7a57d5f77fb473429295ada284976bc
> apache-rat-api-0.12.pom.md5:221c468a2064455f245c70890eea7788
> apache-rat-core-0.12-javadoc.jar.md5:92efc591347b8c430443e98784b9097d
> apache-rat-core-0.12-sources.jar.md5:1ce1afa06b1dfa39b7f13327c2352044
> apache-rat-core-0.12.jar.md5:e01d4957033f251d11fad3adc4778dfc
> apache-rat-core-0.12.pom.md5:d4bf5460a01e0bc65431da8db6b84f04
> apache-rat-plugin-0.12-javadoc.jar.md5:971f1f433300e0b89b043b90708cdd09
> apache-rat-plugin-0.12-sources.jar.md5:9853b082ceb653eca630062a006e2f3a
> apache-rat-plugin-0.12.jar.md5:89a78b4a9c74d9af04c9949394c4695e
> apache-rat-plugin-0.12.pom.md5:effc3541ec5a60a4989cc602b7c33d83
> apache-rat-project-0.12-site.xml.md5:ef44858fb9c06e813257f1045ad16756
> apache-rat-project-0.12.pom.md5:3297f250fc177ee8ca7385fef4917043
> apache-rat-tasks-0.12-javadoc.jar.md5:96b3131aec6f4d021eae4f8c52aa2393
> apache-rat-tasks-0.12-sources.jar.md5:2443303c9e77e26ec50baf3690004b41
> apache-rat-tasks-0.12.jar.md5:44209b8a75848c89000418e49d3ead94
> apache-rat-tasks-0.12.pom.md5:8aa4082dcdd8401b33bfcfbbb3d80c74
>
>
>> Vote is open for 72 hours, as usual.
>>
>>
>> Jochen
>>
>>
>> --
>> The next time you hear: "Don't reinvent the wheel!"
>>
>> http://www.keystonedevelopment.co.uk/wp-content/uploads/2014/10/evolution-of-the-wheel-300x85.jpg
>>
>>
>> --
>> The next time you hear: "Don't reinvent the wheel!"
>>
>> http://www.keystonedevelopment.co.uk/wp-content/uploads/2014/10/evolution-of-the-wheel-300x85.jpg

Mime
View raw message