-1 due to a LICENSE file that claims that there are category X artifacts in binary distribution
Downloaded artifacts, checked checksums. Checked that contents of src-tar match contents of git at 2d8c4c1d48cfa75b1ec8ba403d188ac3037034ba. Source distribution: Compiled on Linux, JDK 8. Checked DISCLAIMER, LICENSE and NOTICE. Ran RAT. Binary artifacts: Checked DISCLAIMER, LICENSE, NOTICE. The LICENSE file mentions several category X licenses (jboss-marshalling is LGPL, JAXB is GPLv2, STAX is GPLv3, jsr305 is LGPL). I understand that these are optional. But you are distributing some of those category X artifacts (e.g. jars/jsr305-3.0.0.jar), and that is not allowed in an AL distribution. If they are truly optional, you should leave them out of the distro, people can use Crail without them, and can get them if they need them. I think your LICENSE file makes things look worse than they really are. For example, it states that jsr305-3.0.0.jar is LGPL v2.1, whereas com.google <http://com.google/>.code.findbugs:jsr305:3.0.0 is actually AL 2.0[1]. In other cases, the artifacts are dual CDDL/GPL. In any case, if there are any category X items in LICENSE, we cannot distribute. LICENSE file of the source distribution could and should be much shorter than the LICENSE file in the binary distribution, because you are not distributing these things in the source distribution. Julian [1] https://search.maven.org/artifact/com.google.code.findbugs/jsr305/3.0.0/jar > On Nov 17, 2018, at 3:13 AM, Patrick Stuedi <[email protected]> wrote: > > +1 > > + Compiles from source > + Runs from binaries > > Thanks! > -Patrick > > On Thu, Nov 15, 2018 at 5:16 PM Jonas Pfefferle <[email protected]> wrote: > >> Hi all >> >> >> For another round, we prepared a new release to address the issues found >> in >> rc5. This is a call to vote on releasing Apache Crail 1.1-incubating, >> release candidate 6. The following issues has been addressed: >> >> * Add licenses and CREDITS files to binary tarball and jars META-INF >> * Add README to binary tarball >> >> The source and binary tarball, including signatures, digests, etc. can be >> found at: >> https://dist.apache.org/repos/dist/dev/incubator/crail/1.1-rc6/ >> >> The commit to be voted upon: >> >> >> >> https://git-wip-us.apache.org/repos/asf?p=incubator-crail.git;a=commit;h=2d8c4c1d48cfa75b1ec8ba403d188ac3037034ba >> >> The Nexus Staging URL: >> https://repository.apache.org/content/repositories/orgapachecrail-1005/ >> >> Release artifacts are signed with the key AA557B11: >> https://www.apache.org/dist/incubator/crail/KEYS >> >> For information about the contents of this release, see: >> >> https://git-wip-us.apache.org/repos/asf?p=incubator-crail.git;a=blob_plain;f=HISTORY.md;hb=2d8c4c1d48cfa75b1ec8ba403d188ac3037034ba >> or for better readability >> https://github.com/apache/incubator-crail/blob/v1.1-rc6/HISTORY.md >> >> Please vote on releasing this package as Apache Crail 1.1-incubating >> >> The vote will be open for 72 hours (will be extended as needed because of >> weekend). >> >> [ ] +1 Release this package as Apache Crail 1.1-incubating >> [ ] +0 no opinion >> [ ] -1 Do not release this package because ... >> >> Thanks, >> Jonas >> >> >> >> >> >>
