IMO, what would really help would be a step-by-step guide to examining a release for L & N issues. Justin explained part of his technique in this thread already. The person creating the release artifacts should have a decent chance at finding these issues before opening any vote thread.
-Alex On 7/16/15, 11:28 AM, "Marvin Humphrey" <mar...@rectangular.com> wrote: >On Thu, Jul 16, 2015 at 9:59 AM, Cédric Champeau ><cedric.champ...@gmail.com> wrote: > >> Like it or not, it passed the vote. > >Given the logistics of rolling another RC (even with a shortened >window) and the urgency of the release due to security issues, I think >this was a decent outcome. > >That said, contended release votes are extremely rare at Apache, and >the release contains some licensing glitches which would ordinarily >merit a respin in my judgment. I considered voting +1 but in the end >decided to abstain. > >> (especially because as we said, the License file >> contains more, but not less, than required), > >This is not quite the case. > >There were some bundled dependencies whose licenses were not noted in >the top-level LICENSE file. This is a licensing documentation bug, >rather than a licensing error -- it does not make distribution >illegal, but it might lead to a downstream consumer failing to uphold >the conditions of the omitted licenses. For example, they may fail to >give proper attribution in a binary redistribution. > >Additionally, in the case of normalize.css (hidden inside >stylesheet.css) and FileNameCompleter.groovy, an Apache header was >added inappropriately to files containing BSD-licensed and >MIT-licensed content. Assuming that the content of those files has >never been licensed under the ALv2, this is a licensing error, and it >is a judgment call as to whether a reasonable consumer would interpret >that header as a mistake. > >> and as >> Paul said, all jars produces *do* have them. > >Indeed -- I only spot checked, but that's what I saw as well. > >Marvin Humphrey > >--------------------------------------------------------------------- >To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org >For additional commands, e-mail: general-h...@incubator.apache.org >
