I cannot reproduce the gpg failure. On a fresh CentOS install, I ran the following:
$ wget https://dist.apache.org/repos/dist/dev/incubator/daffodil/2.1.0-rc3/bin/apache-daffodil-2.1.0-incubating-bin.tgz $ wget https://dist.apache.org/repos/dist/dev/incubator/daffodil/2.1.0-rc3/bin/apache-daffodil-2.1.0-incubating-bin.tgz.asc $ wget https://dist.apache.org/repos/dist/release/incubator/daffodil/KEYS $ gpg --import KEYS gpg: key 033AE661: public key "Steve Lawrence <slawre...@apache.org>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) $ gpg --verify apache-daffodil-2.1.0-incubating-bin.tgz.asc gpg: Signature made Thu 05 Apr 2018 12:27:15 PM EDT using RSA key ID 033AE661 gpg: Good signature from "Steve Lawrence <slawre...@apache.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B58C 8114 2758 101A 43D5 B17D 36F3 494B 033A E661 Can you verify the sha sums? The sha256sum of the .asc file is: 63ebf795e4cfed85e4ef55e872a71f6f29696c4145d89c37aa5e1d74e29c08b2 I think you are correct that there is an issue regarding the [1][2] files. We did thoroughly go through our code and thought that all contributions from Mitre had been removed/replaced, but it looks like we missed these two. Because of this, we never attempted to get an SGA/CLA from Mitre, and so these files did have the ASLv2 header incorrectly added. The original license of these files was University of Illinois NCSA Open Source license [3], which is Cat A and compatible with ASLv2. These test files do not provide much value, and should just be removed. Is your vote still a +1 if we plan to remove these two files in the 2.2.0 release? DAFFODIL-1925 [4] tracks this issue. Thanks, - Steve [3] https://opensource.org/licenses/NCSA [4] https://issues.apache.org/jira/browse/DAFFODIL-1925 On 04/17/2018 12:58 AM, Justin Mclean wrote: > Hi, > > Ignoring the signing issues I would be +1 if the license of the files[1][2] > known and the LICENSE fixed in the next release. However a quick search > seems to imply that the two files below [1][2] may be licensed under terms > which are not compatible with the Apache license but I’m not 100% sure and > INAL. > > Re everything else: > - incubating in name. > - DISCLAIMER exists > - NOTICE is good > - LICENSE looks to be missing info on these files [1][2] Has an ASF header > has been added incorrectly? How are they licensed and is that compatable with > the ALv2? > - No unexpected binary files > - All source files have ASF headers > - Can compile from source > > Thanks, > Justin > > > 1. > apache-daffodil-2.1.0-incubating-src/daffodil-test/src/test/resources/org/apache/daffodil/usertests/json5.dfdl.xsd > 2. > apache-daffodil-2.1.0-incubating-src/daffodil-test/src/test/resources/org/apache/daffodil/usertests/testWSPStar.dfdl.xsd > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
