I'm seeing a lot of extraneous files in the release candidate... it looks like maybe the working directory was tarred up after testing? For some files, this can make it tough to tell what is actually a source file and what is just a derived file. It's also error prone to tar up a development directory since one can't guarantee that all of the tested files are in source control.
Some examples of the extra files: ./integration ./integration/Cargo.toml ./integration/local_data_272627079782518201974418350628471215361 ./integration/local_data_272627079782518201974418350628471215361/runtime ./integration/local_data_272627079782518201974418350628471215361/runtime/._current_config.toml ./integration/local_data_272627079782518201974418350628471215361/runtime/current_config.toml ./integration/local_data_272627079782518201974418350628471215361/state/log .[...] >From a security perspective, a binary file masquerading as a test file was how the xz backdoor got introduced ;-) https://www.akamai.com/blog/security-research/critical-linux-backdoor-xz-utils-discovered-what-to-know Also note the Apple-specific ._ files everywhere. This makes it difficult to even do something like find . -name \*.rs Another nit is that the archive was not contained in a directory (e.g. tar xvzf iggy.gz spewed a bunch of files in my CWD) Regarding licenses: I see these files: ./licenses ./licenses/ring-BoringSSL.txt ./licenses/passterm-BSD 3-Clause.txt Is there source code using these licenses included in the distribution? If so, I think the top-level LICENSE file may need to reflect that. https://infra.apache.org/licensing-howto.html -Yonik On Sun, Apr 13, 2025 at 11:30 AM Yonik Seeley <ysee...@gmail.com> wrote: > > Hey folks, just got back in-country, so I'll be able to check this out > shortly (although my taxes may need to come first ;-) > -Yonik > > On Sat, Apr 12, 2025 at 11:49 PM Kranti Parisa <kra...@apache.org> wrote: > > > > We got 2 +1 binding votes and need 1 more from IPMC to land our first > > Apache release! > > > > Can someone from IPMC review this please? > > > > Best, > > Kranti (Iggy PPMC) --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
