Hi,

2013/3/22 Sebastian Schaffert <[email protected]>:
> The SHA1 checksum of the archive is
> 670d7c5d4d524acb86665f234dac4ade16be8da6.

Which archive are you referring to? I checked:

./apache-marmotta-3.0.0-incubating-ldpath.zip
  gpg: GOOD
  md5 : GOOD (08c056e68d0ce01e61e18258913aa74d)
  sha1 : GOOD (9f3f6b0ca2122fda11cf8f68a7bd8abbed583fca)
./apache-marmotta-3.0.0-incubating-src.tar.gz
  gpg: GOOD
  md5 : GOOD (ef7ee1f1e54a0e0dd09103b30c537767)
  sha1 : GOOD (87c562b8acdf94bc4d2a458e3a27d01632b18c7c)
./apache-marmotta-3.0.0-incubating-installer.zip
  gpg: GOOD
  md5 : GOOD (75ac74d568dafa9e0db50ccd782f123b)
  sha1 : GOOD (50b7e0a8f4bf6766d85814fa02ffb1edffeb7e56)
./apache-marmotta-3.0.0-incubating-webapp.zip
  gpg: GOOD
  md5 : GOOD (5e10ab1d574d9960e81b6da378de81d5)
  sha1 : GOOD (cf7755c50691f728e40198aba7097adca1ae6981)
./apache-marmotta-3.0.0-incubating-installer.tar.gz
  gpg: GOOD
  md5 : GOOD (1def0b50794ff1103cab983f27d06562)
  sha1 : GOOD (3f0b0dbccc60155ab5281d2b396bc509297be058)
./apache-marmotta-3.0.0-incubating-webapp.tar.gz
  gpg: GOOD
  md5 : GOOD (bb4d2d5bdcf7e816200d77f570021805)
  sha1 : GOOD (6ccbf473c9e7b8179a8fcad78a26a4a88084d6c3)
./apache-marmotta-3.0.0-incubating-ldpath.tar.gz
  gpg: GOOD
  md5 : GOOD (fabc5f09d95db68f18e2e82fcd91b00f)
  sha1 : GOOD (3f76460c5dbc7f93bef25c78333cc2685748c512)
./apache-marmotta-3.0.0-incubating-src.zip
  gpg: GOOD
  md5 : GOOD (483099c177ea5d653abd429eface6a35)
  sha1 : GOOD (670d7c5d4d524acb86665f234dac4ade16be8da6)

The KEYS are okay but could be placed at a location like
http://marmotta.incubator.apache.org/KEYS

Checking ./apache-marmotta-3.0.0-incubating-src.zip

LICENSE & NOTICE:
"software based on Sgvizler license under a MIT-style license" in NOTICE but "Sgvizler Javascript library, which is available under a "MIT" license" in LICENSE. Is there a difference? Not a problem for the release.
"data based on JSON-LD Test Suite licensed under CC0 License" in NOTICE but there is no info in LICENSE - what is CC0? Fix in future releases.
BUILD: Success
Release matches tag: Okay

Checking ./apache-marmotta-3.0.0-incubating-webapp.zip

LICENSE & NOTICE:
"H2 Database Engine under The H2 License, Version 1.0" in NOTICE but in LICENSE there is no "H2 License". In LICENSE it says "is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License)". You do not include a copy of these modified versions. I am really not an expert but there might be people who would argue that you need to include a copy of such licenses in LICENSE.

My understanding of the ASF policies is that you should include copies of the license, not just pointers. People need to be able to verify the licenses without the need to follow pointers to websites which may change. In doubt I would include the license text.

Checking ./apache-marmotta-3.0.0-incubating-installer.zip

marmotta-installer-3.0.0-incubating.jar/META-INF: Missing LICENSE, NOTICE, DISCLAIMER
marmotta.war: Missing DISCLAIMER

Checking ./apache-marmotta-3.0.0-incubating-ldpath.zip

NOTICE has a list of included libs but the LICENSE does not list all of them -> missing pointers to LICENSES
ldpath-3.0.0-incubating.jar/META-INF : Missing LICENSE, NOTICE, DISCLAIMER

Checking staged repo:

2013/3/22 Sebastian Schaffert <[email protected]>:
> A staged Maven repository is available for review at:
> https://repository.apache.org/content/repositories/orgapachemarmotta-013/

I checked arbitrary files in the staged repo. All JARs I checked are missing the DISCLAIMER in META-INF. I assume this is a general problem with the build system. But the DISCLAIMER has to be there.

Summary:

I still believe that the NOTICE file is the wrong place for listing included libs. It is for legal notices only. Additionally, I would suggest including copies of licenses in the LICENSE file. But since I am also still learning a lot about this legal stuff, others may have another view on this.
All information seems to be available, so this would not be a blocker for this release.

But I am sorry, but because of the missing files in the released artifacts, especially the missing DISCLAIMER which is a must for incubating projects, I have to vote -1 for all artifacts except the original source release package (apache-marmotta-3.0.0-incubating-src.zip), which is fine.

+1 for releasing apache-marmotta-3.0.0-incubating-src.zip
-1 for releasing the binary artifacts produced from the source release

Best,
- Fabian

--
Fabian
http://twitter.com/fctwitt
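
The per-archive check reported in this message (LICENSE, NOTICE and DISCLAIMER present in META-INF of every JAR and WAR, including those nested inside a distribution ZIP), as an added example that is not part of the original e-mail or of the Marmotta build. The archive names and contents are constructed, and treating `LICENSE.txt` as equivalent to `LICENSE` is an assumption.

```python
import io
import zipfile

REQUIRED = ("LICENSE", "NOTICE", "DISCLAIMER")  # files the review expects in META-INF
JAVA_ARCHIVES = (".jar", ".war")                # archives whose META-INF is checked
CONTAINERS = JAVA_ARCHIVES + (".zip",)          # archives that are opened and walked

def audit(data, name, depth=0, max_depth=4):
    """Return {archive path: [missing files]} for every JAR/WAR found in `data`."""
    if depth > max_depth:                       # bound recursion into nested archives
        return {name: ["<nesting too deep, not inspected>"]}
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if name.lower().endswith(JAVA_ARCHIVES):
            present = set()
            for entry in names:
                parent, _, base = entry.rpartition("/")
                if parent.upper() == "META-INF" and base:
                    present.add(base.upper().split(".")[0])  # assumption: LICENSE.txt counts
            missing = [f for f in REQUIRED if f not in present]
            if missing:
                report[name] = missing
        for entry in names:                     # descend into nested archives
            if entry.lower().endswith(CONTAINERS):
                report.update(audit(zf.read(entry), f"{name}!/{entry}", depth + 1, max_depth))
    return report

def make_zip(entries):
    """Build an in-memory ZIP from {entry name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in entries.items():
            zf.writestr(entry, content)
    return buf.getvalue()

def sample_distribution():
    """Constructed distribution: one bare JAR, one WAR without DISCLAIMER, one clean JAR."""
    legal = {f"META-INF/{n}": b"constructed" for n in REQUIRED}
    good_jar = make_zip(legal)
    bare_jar = make_zip({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"})
    war = make_zip({"META-INF/LICENSE": b"x", "META-INF/NOTICE.txt": b"x",
                    "WEB-INF/lib/good.jar": good_jar})
    return make_zip({"dist/LICENSE": b"x", "dist/lib.jar": bare_jar, "dist/app.war": war})

if __name__ == "__main__":
    for path, missing in audit(sample_distribution(), "example-dist.zip").items():
        print(f"{path}: missing {', '.join(missing)}")
```
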
