On Wed, May 20, 2026, 05:48 Mark Thomas <[email protected]> wrote: > On 19/05/2026 21:01, Gary Gregory wrote: > > RAT fails on the non-native src zip commons-daemon-1.6.0-src > > > > Running the default maven build: > > > > ... > > [INFO] --- apache-rat:0.18:check (rat-check) @ commons-daemon --- > > [ERROR] Unexpected count for UNAPPROVED, limit is [0,0]. Count: 3 > > [WARNING] ***************************************************** > > Generated at: 2026-05-19T15:57:59-04:00 > > > > Files with unapproved licenses: > > /src/native/unix/configure > > /src/native/unix/support/config.guess > > /src/native/unix/support/config.sub > > [INFO] > ------------------------------------------------------------------------ > > [INFO] BUILD FAILURE > > [INFO] > ------------------------------------------------------------------------ > > [INFO] Total time: 1.071 s > > [INFO] Finished at: 2026-05-19T15:58:00-04:00 > > [INFO] > ------------------------------------------------------------------------ > > [ERROR] Failed to execute goal > > org.apache.rat:apache-rat-plugin:0.18:check (rat-check) on project > > commons-daemon: Counter(s) UNAPPROVED exceeded minimum or maximum > > values. See RAT report in: > > '/Users/garygregory/rc/cd/commons-daemon-1.6.0-src/target/rat.txt'. -> > > [Help 1 > > > > It looks like these file support comments so they should have an > > Apache license header. > > No, they are not ALv2 licensed. > Those files should be excluded by the RAT configuration in the Maven > build. The POM also has brief comments explaining the exclusions. > > Odd. I see the same failures from both the -src.zip and the -src.tar.gz. > But I don't see the failure when running from a git checkout. > > I can't explain this difference in behaviour. I did a diff of the > effective POMs for both and there were - ignoring paths and '-SNAPSHOT' > - identical. >
Maybe there is something left over in a generated folder like ./target ? Since Apache delivers sources (strictly speaking), I never review git checkouts, only source zips. This might be a deal breaker for folks who build everything from 1st principles (like Linux distros). Don't you think this should be addressed? Gary > Mark > > > > > Gary > > > > On Tue, May 19, 2026 at 1:47 PM Mark Thomas <[email protected]> wrote: > >> > >> We have fixed a few bugs and added binaries for ARM64 Windows since the > >> release of Apache Commons Daemon 1.5.1, so I would like to release > >> Apache Commons Daemon 1.6.0. > >> > >> Apache Commons Daemon 1.6.0 RC2 is available for review here: > >> https://dist.apache.org/repos/dist/dev/commons/daemon/1.6.0-RC2 > >> (svn revision 84617) > >> > >> The Git tag commons-daemon-1.6.0-RC2 commit for this RC is > >> 161be995978628aba65f3904b1ed8d8aa3a2733c, which you can browse here: > >> > >> > https://gitbox.apache.org/repos/asf?p=commons-daemon.git;a=commit;h=161be995978628aba65f3904b1ed8d8aa3a2733c > >> You may checkout this tag using: > >> git clone https://gitbox.apache.org/repos/asf/commons-daemon.git > >> --branch commons-daemon-1.6.0-RC2 commons-daemon-1.6.0-RC2 > >> > >> Maven artifacts are here: > >> > >> > https://repository.apache.org/content/repositories/orgapachecommons-1939/commons-daemon/commons-daemon/1.6.0/ > >> > >> These are the artifacts and their hashes: > >> > >> #Release SHA-512s > >> #Tue May 19 18:17:40 BST 2026 > >> > commons-daemon-1.6.0-bin-windows.zip=c72cb056488cd5b4202d1b86e9d10335a9458dacc44695dd0c444f9e84839e89d395b03a5240146280c772d68b6d458cd15d3eab8fb2bc1817d4022b5b0fcedd > >> > commons-daemon-1.6.0-bin.tar.gz=250b41c30a4ec9f2bdea1d68f064c5d829893a0fe46e637177300e991dbb5a8aa479cbd9dfc71f0c2e34221884f1c6934193d6fe8404089c4b1da5682a780638 > >> > commons-daemon-1.6.0-bin.zip=8c8b3fa91a6d49c4c8627cc595fcc14338007ab82486e56753ebdb96c5e8382b3bc4206cdc6ebc2de0f22595999a3e2eeea48a367d4a4da6c48dd834daa2ea6e > >> > commons-daemon-1.6.0-bom.json=86ccf86e011bb4a3a8441ddc059ceb096a3230c18db412351bd8d1f5e9ccbcc7dd7cd47eabdb9dd36f45462623526cdd8ff157156eec5e171a427f51ddfbbbce > >> > commons-daemon-1.6.0-bom.xml=64fa302148549171b67572edd963e1562c6bf539e52ec9e4f43d235e3c518f06ee414f683d04160bb827b30aa02201cbe34b631178f98ca898bdb9b61f907fb1 > >> > commons-daemon-1.6.0-javadoc.jar=da8746bfab054b3d5ada1e7acbff86b5638ba41d29a59f18bf4713fd0072a3be0b521ca2cb5bccbea050e6fe9c0b5c4ffa6a7845ffc0ac43d4afa75e336c9038 > >> > commons-daemon-1.6.0-native-src.tar.gz=e408672218c03391c6ea41432135de8811894574e6cfbf182eb4c3959d06a6ffb410cd5649f40b9cd7212e4c4352de8148c74a42934679c7edef36971e0d85f8 > >> > commons-daemon-1.6.0-native-src.zip=d20293f691f4ff1c3f1a47984493ffa813199be3ef04a4d9f5a92a1b3aa5627d84a9f5f19d55157060a988bf048a9c0c949fff972acc2ec60fb54461f1dcae9f > >> > commons-daemon-1.6.0-sources.jar=195857f7c29fdbf2515075cfb71f470aeead63e38950f33003f9666beb586eb81ad702009ba95f197c2de15d541bea1889201d3eed7a06d9b5affba6ac96b69d > >> > commons-daemon-1.6.0-src.tar.gz=4496833f01da03140b0e01c0302c7fbb13573a50061c96f72cda5e95cec30750dcafe8c3b810fb46ee3204d37341cc4b1a441d3e15bd8839e69eca72854bccc6 > >> > commons-daemon-1.6.0-src.zip=5d227c6bd653488275fa26e93c12f509fe18b3dc0e835ecf07fa454abef6aba9fa63e99f567e2b6750009949c2da90e5acaf10c52841dea996a4b5f455bb4f2d > >> > commons-daemon-1.6.0-test-sources.jar=3e38f138c28a858ad6a900c6825baf7b4d4f00a3b77fda98215a6a1b3040d1a8bb72cfd4735edc9b11c34339e8858e0a8eec7f85b4995d8056e9c437a192e209 > >> > commons-daemon-1.6.0-tests.jar=c411d0a9ac6bc5faa8efb0b99920bf8926e604aad31b8f616c1ca5e3881875f4df1466b9bac067267ed5d910d85f5806e219cb63b4de2ff372a71bbfaa4ea76d > >> > commons-daemon_commons-daemon-1.6.0.spdx.json=9ac32b48ad257f2414bc688d0659fe96d4ba252a7ee718fb7a2faa08bd3348a7f697badb11b82a0f457025b452c2e5dcac7f4e9a2676434448a315cb8203885b > >> > >> > >> > >> I have tested this with 'mvn' using: > >> *** > >> Maven home: /opt/sdkman/candidates/maven/current > >> Java version: 25.0.3, vendor: Eclipse Adoptium, runtime: > >> /opt/sdkman/candidates/java/25.0.3-tem > >> Default locale: en_GB, platform encoding: UTF-8 > >> OS name: "linux", version: "6.8.0-111-generic", arch: "amd64", family: > >> "unix"*** > >> > >> Details of changes since 1.5.1 are in the release notes: > >> > >> > https://dist.apache.org/repos/dist/dev/commons/daemon/1.6.0-RC2/RELEASE-NOTES.txt > >> > >> > https://dist.apache.org/repos/dist/dev/commons/daemon/1.6.0-RC2/site/changes.html > >> > >> KEYS: > >> https://downloads.apache.org/commons/KEYS > >> > >> Please review the release candidate and vote. > >> This vote will close no sooner than 72 hours from now. > >> > >> [ ] +1 Release these artifacts > >> [ ] +0 OK, but... > >> [ ] -0 OK, but really should fix... > >> [ ] -1 I oppose this release because... > >> > >> Thank you, > >> > >> Mark Thomas, > >> Release Manager (using key 10C01C5A2F6059E7) > >> > >> The following is intended as a helper and refresher for reviewers. > >> > >> Validating a release candidate > >> ============================== > >> > >> These guidelines are NOT complete. > >> > >> Requirements: Git, Java, and Maven. > >> > >> You can validate a release from a release candidate (RC) tag as follows. > >> > >> 1a) Download and decompress the source archive from: > >> > >> https://dist.apache.org/repos/dist/dev/commons/daemon/1.6.0-RC2/source > >> > >> 1b) Check out the RC tag from git (optional) > >> > >> This is optional, as a reviewer must at least check source > distributions. > >> > >> git clone https://gitbox.apache.org/repos/asf/commons-daemon.git > >> --branch commons-daemon-1.6.0-RC2 commons-daemon-1.6.0-RC2 > >> cd commons-daemon-1.6.0-RC2 > >> > >> 2) Checking the build > >> > >> All components should include a default Maven goal, such that you can > >> run 'mvn' from the command line by itself. > >> > >> 2) Check Apache licenses > >> > >> This step is not required if the site includes a RAT report page, which > >> you then must check. > >> This check should be included in the default Maven build, but you can > >> check it with: > >> > >> mvn apache-rat:check > >> > >> 3) Check binary compatibility > >> > >> This step is not required if the site includes a JApiCmp report page, > >> which you then must check. > >> This check should be included in the default Maven build, but you can > >> check it with: > >> > >> mvn verify -DskipTests -P japicmp japicmp:cmp > >> > >> 4) Build the package > >> > >> This check should be included in the default Maven build, but you can > >> check it with: > >> > >> mvn -V clean package > >> > >> You can record the Maven and Java version produced by -V in your VOTE > reply. > >> To gather OS information from a command line: > >> Windows: ver > >> Linux: uname -a > >> > >> 4b) Check reproducibility > >> > >> To check that a build is reproducible, run: > >> > >> mvn clean verify artifact:compare -DskipTests > >> -Dreference.repo= > https://repository.apache.org/content/repositories/staging/ > >> '-Dbuildinfo.ignore=*/*.spdx.json' > >> > >> Note that this excludes SPDX files from the check. > >> > >> 5) Build the site for a single module project > >> > >> Note: Some plugins require the components to be installed instead of > >> packaged. > >> > >> mvn site > >> Check the site reports in: > >> - Windows: target\site\index.html > >> - Linux: target/site/index.html > >> > >> 6) Build the site for a multi-module project > >> > >> mvn site > >> mvn site:stage > >> Check the site reports in: > >> - Windows: target\site\index.html > >> - Linux: target/site/index.html > >> > >> Note that the project reports are created for each module. > >> Modules can be accessed using the 'Project Modules' link under > >> the 'Project Information' menu (see <path-to-site>/modules.html). > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [email protected] > >> For additional commands, e-mail: [email protected] > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
