potiuk edited a comment on issue #15: [RAT-261] Check the source code via Apache RAT to detect license violations URL: https://github.com/apache/creadur-rat/pull/15#issuecomment-550045570 I think the whole discussion started with finding that the licence headers are missing in some of the files in RAT: .travis.yml, .gitignore, BUILD.txt for example. On the other hand it is in pom.xml, and ant-task-examples.xml. So we thought RAT does not use itself to check licences. We had very similar problem in Airflow 1.10.6 rc1 release when one of the files which was not technically part of the sources of the app (was not released in package but it was released as part of the source.zip file) missed a licence. It was not RAT problem but our Docker environment. We actually dropped the release because of that and released 1.10.6rc2 with licence added (and we fixed the mounts in Docker to scan all files). As a new PMC in Airflow I learned that it's my responsibility to not release software without licence headers. So I think it is important to understand if this is intentional to skip those files from the check? I looked through RAT documentation and the only thing I found is > useDefaultExcludes: > > Whether to use the default excludes when scanning for files. The default excludes are: > meta data files for source code management / revision control systems, see SourceCodeManagementSystems > ... It's true by default - but unfortunately there is no explanation what "SourceCodeManagementSystems" actually is (but I guess it is .git, .svn folders). But there is no indication I could find that things like .gitignore or .travis.yml or BUILD.txt will also be ignored. It would be great to understand the reasoning for those exclusions and possibly fix at least the .travis.yml and .gitignore and let RAT check that as well (RAT seems like perfect example that others will probably follow so better to have licence in .travis.yml)
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
