[
https://issues.apache.org/jira/browse/RAT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18040045#comment-18040045
]
PJ Fanning commented on RAT-523:
--------------------------------
Thanks [~pottlinger] for the quick response.
I'm part of the Incubator PMC and also a mentor on a number of podlings. Some
of us in this position are a bit overwhelmed by RCs and I'm not quite sure how
quickly it will be before we get everyone using Apache trusted releases. We
might need something to tide us over till then.
> extension to do full check of source release tar/zip
> ----------------------------------------------------
>
> Key: RAT-523
> URL: https://issues.apache.org/jira/browse/RAT-523
> Project: Apache RAT
> Issue Type: Improvement
> Components: Tools
> Reporter: PJ Fanning
> Priority: Major
>
> We might be able to get people from outside the RAT team involved so this
> isn't a request for you to do work, more of a request for a home for this
> feature.
> The Rat tool is useful and is regularly used. But an extension might have
> these features.
> * starts with the source release tar/zip and checks its name includes
> 'apache' and 'incubating' for Incubator podlings
> * checks the checksum file is valid for the tar/zip
> * checks the signing of the tar/zip
> * checks that there are LICENSE and NOTICE files and maybe even does some
> basic checks on them
> * for Incubator releases, checks there is a DISCLAIMER or DISCLAIMER-WIP
> * also runs the existing Rat checks for source headers and binary files
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
