Hi Roman, Could you have a look at the comments of Alexander? I known I'm pushing a bit, but we are hoping to get the release ready :).
On Fri, Jan 24, 2014 at 12:11 PM, Alexander Broekhuis <[email protected] > wrote: > Hi Roman, > > See my remarks inline below. I hope this gives you enough confidence to > sign this release off. > > 2014/1/24 Roman Shaposhnik <[email protected]> > > > I know that some of the items are nits, but if we are to > > re-cut an RC for Boost reasons -- I'd suggest we may > > as well take care of them > > > > The way I read [2], there is no need to add anything to the notice file at > all. All third party sources we use have a header with the respective > license information. At [2] it is even explicitly mentioned not to add > anything unless legally required. > > "Do not add anything to NOTICE which is not legally required." > > So I don't see a reason why a new release is needed for Boost. > > > > > > The checksum has been created with the command mentioned on the Apache > > > Signing Releases page [1]. I don't see what is wrong with this. > > > > There was an old discussion on that some time ago. Basically > > the problem boils down to a fact that I can't verify it with shasum(1) > > and thus can't sign off on it. > > > > This was indeed an old discussion, but there has never been reached a > consensus, and as stated before, I've explicitly used the method described > on the Apache pages, which uses the gpg tooling to verify a checksum. > Instead of using shasum, you can simply use gpg --print-md "filename". > > If all I do is follow the official Apache document then what am I doing > wrong? > > I've had some discussion with Marcel on this topic as well, and in some > other project where Marcel is involved, they use a script to compare the > checksums. A similar solution might be implemented for Celix as well, I > don't mind adding this to the backlog. > > > > > > >> * it would be nice to have version embedded into the name of the > top > > >> level dir inside of the tarball > > >> > > > > > > We have decided to leave it out since else there would always be an > issue > > > with the BUILDING instructions and the default directory. This was a > > remark > > > by someone on the first (0.0.1) release where we did have the version > in > > > the top-level directory. > > > > Hm. I'm just curious -- was there a thread on this one? > > > > This was a remark made by Marcel on our first release. See [3] for his > message/the release thread. > > > > > > > >> * boost license is missing in NOTICES > > >> > > > > > > Why should the boost license be in the NOTICES file? There have been a > > lot > > > of discussions on this file, and my understanding always has been that > > if a > > > license is in a header it is not needed to add it to the NOTICES file. > > > > I honestly don't recall this. Care to point a thread? > > > > I can't find the thread, but [2] gives a good explanation. > > > > > > Thanks, > > Roman. > > > > > [1]: http://www.apache.org/dev/release-signing#sha-checksum > [2]: http://www.apache.org/dev/licensing-howto.html#mod-notice > [3]: http://incubator.markmail.org/thread/ot7cwepmcusdblqs > > -- > Met vriendelijke groet, > > Alexander Broekhuis >
