[
https://issues.apache.org/jira/browse/RAT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18067263#comment-18067263
]
ASF subversion and git services commented on RAT-523:
-----------------------------------------------------
Commit 9bdd4410832cf875c5995bf6f961b7640ac42391 in creadur-rat's branch
refs/heads/master from P. Ottlinger
[ https://gitbox.apache.org/repos/asf?p=creadur-rat.git;h=9bdd4410 ]
Merge pull request #631 from
apache/dependabot/maven/org.mockito-mockito-bom-5.23.0
RAT-523: Bump org.mockito:mockito-bom from 5.22.0 to 5.23.0
> extension to do full check of source release tar/zip
> ----------------------------------------------------
>
> Key: RAT-523
> URL: https://issues.apache.org/jira/browse/RAT-523
> Project: Apache RAT
> Issue Type: Improvement
> Components: Tools
> Reporter: PJ Fanning
> Priority: Major
>
> We might be able to get people from outside the RAT team involved so this
> isn't a request for you to do work, more of a request for a home for this
> feature.
> The Rat tool is useful and is regularly used. But an extension might have
> these features.
> * starts with the source release tar/zip and checks its name includes
> 'apache' and 'incubating' for Incubator podlings
> * checks the checksum file is valid for the tar/zip
> * checks the signing of the tar/zip
> * checks that there are LICENSE and NOTICE files and maybe even does some
> basic checks on them
> * for Incubator releases, checks there is a DISCLAIMER or DISCLAIMER-WIP
> * checks out the code from git based on the last git commit announced in the
> vote email and compares that the source matches what is in the source release
> * also runs the existing Rat checks for source headers and binary files
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
