incubator-kato-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stuart Monteith <stuk...@stoo.me.uk>
Subject Re: Apache Kato release - comments please
Date Mon, 23 Nov 2009 10:01:36 GMT
Hi,
     Thanks Robert, Ant, for looking at this for us.

I'll address the issues you have highlighted. I've got the rat reports 
placed on
the website I listed, I presume this includes the plain source.

Thanks,
     Stuart

Robert Burrell Donkin wrote:
> On Sun, Nov 22, 2009 at 11:44 AM, ant elder<ant.elder@gmail.com>  wrote:
>    
>> On Fri, Nov 20, 2009 at 5:28 PM, Stuart Monteith<stukato@stoo.me.uk>  wrote:
>>      
> <snip>
>
> (looks like i'm going to be snowed under over the next week with
> coursework so i'm not going to be very active)
>
>    
>>  From the ASF release perspective it actually looks pretty good to me,
>> never the less I'm sure it would be educational to try out the
>> multi-stage audit.
>>
>> Here's a few things i found looking at the artifacts:
>>
>> - the comment box made from equals characters at the top of the NOTICE
>> files is not meant to be included, i know lots of other projects do
>> but it was just from misinterpreting an example NOTICE file.
>>
>> - the commons-lang-2.0.jar in apache-kato-M1-incubating-bin.zip is
>> actually using the Apache License version 1.1. If you really need
>> version 2.0 of commons-lang then you'd need to include AL 1.1 in the
>> Kato LICENSE file, but there are newer releases of commons-lang using
>> AL 2.0 you could use.
>>
>> - there's a few empty readme.html and README.txt files in most of the artifacts.
>>      
> this is the build process stage: pretty painless. once these are
> fixed, then ant could ask on the list for IPMC volunteers to double
> check his work.
>
> the other stages are licensing and source audits.
>
> licensing audit should be simple in this case but it takes a while for
> licenses to be categorised so advice should be sort any dependencies
> which aren't covered as early as possible. this is good general advice
> - when adding new dependencies, check whether they have been
> categorised and  - if not - get that started immediately.
>
> source audit involves checking that headers are ok and foreign source
> correctly credited. you can do this by running RAT against the plain
> source. i expect this should be relatively painless in this case.
>
> - robert
>    

-- 
Stuart Monteith
http://blog.stoo.me.uk/


Mime
View raw message