Hi Roman, See my remarks inline below. I hope this gives you enough confidence to sign this release off.
2014/1/24 Roman Shaposhnik <[email protected]> > I know that some of the items are nits, but if we are to > re-cut an RC for Boost reasons -- I'd suggest we may > as well take care of them > The way I read [2], there is no need to add anything to the notice file at all. All third party sources we use have a header with the respective license information. At [2] it is even explicitly mentioned not to add anything unless legally required. "Do not add anything to NOTICE which is not legally required." So I don't see a reason why a new release is needed for Boost. > > > The checksum has been created with the command mentioned on the Apache > > Signing Releases page [1]. I don't see what is wrong with this. > > There was an old discussion on that some time ago. Basically > the problem boils down to a fact that I can't verify it with shasum(1) > and thus can't sign off on it. > This was indeed an old discussion, but there has never been reached a consensus, and as stated before, I've explicitly used the method described on the Apache pages, which uses the gpg tooling to verify a checksum. Instead of using shasum, you can simply use gpg --print-md "filename". If all I do is follow the official Apache document then what am I doing wrong? I've had some discussion with Marcel on this topic as well, and in some other project where Marcel is involved, they use a script to compare the checksums. A similar solution might be implemented for Celix as well, I don't mind adding this to the backlog. > > >> * it would be nice to have version embedded into the name of the top > >> level dir inside of the tarball > >> > > > > We have decided to leave it out since else there would always be an issue > > with the BUILDING instructions and the default directory. This was a > remark > > by someone on the first (0.0.1) release where we did have the version in > > the top-level directory. > > Hm. I'm just curious -- was there a thread on this one? > This was a remark made by Marcel on our first release. See [3] for his message/the release thread. > > >> * boost license is missing in NOTICES > >> > > > > Why should the boost license be in the NOTICES file? There have been a > lot > > of discussions on this file, and my understanding always has been that > if a > > license is in a header it is not needed to add it to the NOTICES file. > > I honestly don't recall this. Care to point a thread? > I can't find the thread, but [2] gives a good explanation. > > Thanks, > Roman. > [1]: http://www.apache.org/dev/release-signing#sha-checksum [2]: http://www.apache.org/dev/licensing-howto.html#mod-notice [3]: http://incubator.markmail.org/thread/ot7cwepmcusdblqs -- Met vriendelijke groet, Alexander Broekhuis
