This is an automated email from the ASF dual-hosted git repository.

huxing pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/incubator-dubbo-website.git


The following commit(s) were added to refs/heads/asf-site by this push:
     new fcf17e7  Add license check to release guide
fcf17e7 is described below

commit fcf17e7543e7092ea5f23af9f55554e2319b95dc
Author: Huxing Zhang <[email protected]>
AuthorDate: Tue Apr 23 09:58:28 2019 +0800

    Add license check to release guide
---
 docs/en-us/developers/committer-guide/release-guide_dev.md | 12 ++++++++++++
 docs/zh-cn/developers/committer-guide/release-guide_dev.md | 13 ++++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/docs/en-us/developers/committer-guide/release-guide_dev.md 
b/docs/en-us/developers/committer-guide/release-guide_dev.md
index 51a4476..8beb128 100644
--- a/docs/en-us/developers/committer-guide/release-guide_dev.md
+++ b/docs/en-us/developers/committer-guide/release-guide_dev.md
@@ -333,6 +333,18 @@ Unzip 
apache-dubbo-incubating-${release_version}-source-release.zip to the defau
     `diff -r rc_dir tag_dir`
   - check the top n tag commits, dive into the related files and check if the 
source package has the same changes
 
+
+### check third party dependencies
+
+According to ASF policy, any [Category 
X](https://www.apache.org/legal/resolved.html#what-can-we-not-include-in-an-asf-project-category-x)
 dependency can not be included in ASF product, this includes common LGPL/GPL 
licensed dependencies. Even transitive dependencies are not allowed. Therefore 
we need to run the following command to ensure no such dependencies are 
included.
+
+```sh
+mvn license:add-third-party -Dlicense.useMissingFile
+find . -name THIRD-PARTY.txt | xargs grep -E 'GPL|General Public License' | 
grep -v Apache | grep -v MIT | grep -v CDDL
+```
+
+If one dependency is dual/multiple licensed, just choose the most permissive 
one.
+
 ### Check binary distribution file content
 
 Unzip apache-dubbo-incubating-${release_version}-bin-release.zip and check:
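
Review bot: In the added `sh` block, the `grep -v Apache | grep -v MIT | grep -v CDDL` filters match anywhere on a THIRD-PARTY.txt line, not only in its license field, so a GPL- or LGPL-only entry whose artifact name or URL happens to contain "Apache" or "MIT" is dropped from the output and the check passes silently. Suggest narrowing the exclusions to the license part of the line, and stating explicitly that the expected result is empty output and that any remaining line has to be resolved before the release goes out. The pattern `'GPL|General Public License'` also covers only GPL-family licenses, while the paragraph above it describes Category X as broader ("this includes common LGPL/GPL"), so a sentence telling the release manager to review THIRD-PARTY.txt for other Category X licenses would close that gap. Minor: the new heading `### check third party dependencies` is lower-case while the next heading is `### Check binary distribution file content`.
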
diff --git a/docs/zh-cn/developers/committer-guide/release-guide_dev.md 
b/docs/zh-cn/developers/committer-guide/release-guide_dev.md
index dbebe51..277f3eb 100644
--- a/docs/zh-cn/developers/committer-guide/release-guide_dev.md
+++ b/docs/zh-cn/developers/committer-guide/release-guide_dev.md
@@ -315,7 +315,18 @@ gpg --verify 
apache-dubbo-incubating-2.6.3-bin-release.zip.asc apache-dubbo-incu
     `diff -r a rc_dir tag_dir`
   - check the top n tag commits, dive into the related files and check if the 
source package has the same changes
 
-### 检查二进制包的文件内容C
+### 检查三方依赖的合规性
+
+按照Apache基金会合规性规定,源码或者是二进制分发包中均不能包含Category 
X的依赖,其中就常见的是包含了GPL/LGPL的依赖,即使是传递依赖也不行。因此在发版的时候需要通过以下的命令进行检查:
+
+```sh
+mvn license:add-third-party -Dlicense.useMissingFile
+find . -name THIRD-PARTY.txt | xargs grep -E 'GPL|General Public License' | 
grep -v Apache | grep -v MIT | grep -v CDDL
+```
+
+如果一个依赖提供了双协议或多重协议,可以选择与Apache最兼容的一个协议。
+
+### 检查二进制包的文件内容
 
 解压缩`apache-dubbo-incubating-${release_version}-bin-release.zip`,进行如下检查:
 
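
Review bot: The dual-license sentence added in the zh-cn hunk does not say the same thing as the en-us one: `可以选择与Apache最兼容的一个协议` reads as "choose the license most compatible with Apache", while the English text says "choose the most permissive one". The zh-cn paragraph also states that neither the source nor the binary distribution may contain Category X dependencies, which the English paragraph leaves out. Suggest aligning both files on one wording so release managers apply the same rule. Also, the context line above the change reads `diff -r a rc_dir tag_dir`, with a stray `a` that the en-us file does not have; it could be fixed in the same commit as the stray `C` removed from the heading.
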
