Hi - > On Jun 12, 2017, at 3:34 PM, Justin Mclean <jus...@classsoftware.com> wrote: > > Hi, > >> Are there some files that are being caught by RAT? If so, what are they? > > I mentioned them in my vote email. [1] 3 patch files don’t have ASF headers.
We may need to revisit the project’s preferred way of doing this. From what I recall of the legal-discuss along with hallway discussions at Apachecon there is more than one way. Justin - you did state that you consider this acceptable for this release and that we can clean it up for the next. I suggest that we take care of this immediately after the release. > >> IMO, the main thing folks want from Maven are the JARs which aren't an >> official ASF release anyway. Seems like we should vote on a source >> package, then set any version numbers and have Maven build the final jars >> from there. The differences in the source should only be in POMs and >> other configs right? > > Which is IMO not permitted by ASF release policy as the binary connivance > releases need to be made from the tagged source release. [2] (and elsewhere) AFAIK this is correct. Renaming the artifact is ok but the convenience binaries should always be made from the tagged release. Note that different versions of JAVA on different OS may produce slightly differing Jars from the same source code. We will need to trust the release manager who signs with their personal key that this is correctly done. Regards, Dave > > Thanks, > Justin > > 1. > https://lists.apache.org/thread.html/47ad4369d92791280f8cdfb0d1e208cafb7d58860f0f743b54a76599@%3Cdev.flex.apache.org%3E > > <https://lists.apache.org/thread.html/47ad4369d92791280f8cdfb0d1e208cafb7d58860f0f743b54a76599@%3Cdev.flex.apache.org%3E> > 2. http://www.apache.org/legal/release-policy.html#compiled-packages > <http://www.apache.org/legal/release-policy.html#compiled-packages> >
signature.asc
Description: Message signed with OpenPGP
