On 02/09/2009, Luciano Resende <luckbr1...@gmail.com> wrote: > On Tue, Sep 1, 2009 at 3:57 PM, sebb<seb...@gmail.com> wrote: > > On 31/08/2009, Luciano Resende <luckbr1...@gmail.com> wrote: > >> Thanks for all the reviews and feedback for the PhotArk RC2. I have > >> fixed all the severe and blocking issues and have produced a new RC... > >> > >> Please follow the link below for the new RC details : > >> > >> > http://www.mail-archive.com/photark-...@incubator.apache.org/msg00145.html > > > > For the benefit of other reviewers, here are the details: > > > > <quote> > > The artifacts are available for review at: > > http://people.apache.org/~lresende/photark/M1-incubating-RC3/ > > > > This includes the signed binary and source distributions, the RAT report, > > and the Maven staging repository. > > > > The release tag is available at : > > https://svn.apache.org/repos/asf/incubator/photark/tags/M1-incubating-RC3/ > > </quote> > > > > Sigs and hashes OK. However no SHA hashes - only MD5 - are provided. > > tgz and zip archives agree with each other. Source archives agree with SVN > tag. > > > > SVN has one incorrect setting: > > svn pd svn:executable photark-webapp/src/main/webapp/prev_on.gif > > [not a blocker] > > > > The binary NOTICE file has a lot of paragraphs which start: > > > > "This product includes/uses ..." > > > > The NOTICE file should only include required 3rd party notices; code > > that is used (but not included) should not be mentioned in the NOTICE > > file, so the /uses part and any non-included 3rd party dependencies > > need to be removed. > > > > > I did a cross-check to make sure only the used dependencies were > mentioned in the LICENSE and got the notices sniptes from these > required dependencies. Do you see a specific piece that should be > removed ?
The point is that dependencies that are used, but not actually included, should not be mentioned in the NOTICE file as they do not form part of the artifact. As it stands, the NOTICE file is confusing/misleading, and IMO should be fixed. I've not checked the NOTICE file entries in detail, but a quick check failed to find the Axion (not Axiom) jar anywhere. Likewise Howl, JDOM, DOM4j. Perhaps these are included in other libraries. The LICENSE file lists addressing-1.3.mar but there appears to be no such file. The following files in LICENSE don't agree with the contents of the lib directory in the war: cglib-nodep-2.1_3.jar geronimo-commonj_1.1_spec-1.0.jar > > There are no NOTICE and LICENSE files in the META-INF directory in the > > war file; ideally these should be present - in this case they will be > > the same as the ones in the binary archive. > > > > There's some inconsistency between the NOTICE files. > > > > The top-level NOTICE file in the binary archive says: > > > > Copyright (c) 2008 - 2009 > > > > whereas the NOTICE file in the photoark-assets-M1-incubating.jar > > META-INF directory says: > > > > Copyright (c) 2005 - 2008 The Apache Software Foundation > > > > The parent pom says the inception year is 2008, so the latter file looks > wrong. > > Seems to be an error in the NOTICE skeleton files. > > > > > These does not seem as release blockers to me. Do you agree ? > > > > > -- > > Luciano Resende > http://people.apache.org/~lresende > http://lresende.blogspot.com/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
