Niall, this is great work and many things for your continued contributions!
I think we need to go through this in detail and writeup about 20 JIRA’s.
Anthony
> On Jan 19, 2016, at 8:07 PM, Niall Pemberton <niall.pember...@gmail.com>
> wrote:
>
> Hi,
>
> Firstly, great job on producing the first RC. From an ASF release PoV, the
> main concerns for me would be gemfire-joptsimple and the binary distro
> NOTICE file and those stop me giving a +1 vote. From a user PoV the
> dependencies in the maven pom look painful, trying to determine which can
> safely be excluded.
>
> 1. Source Distribution
> * I checked the LICENSE, NOTICE & DISCLAIMER files were present
> * The LICENSE file looks good
> * The Copyright in the NOTICE file should be updated to "2015-2016"
> * I ran RAT over the source distro with no exclusions and all looks good
> * After installing Gradle, the source distro built without any issue (ran
> "gradle build")
>
> 2. Binary Distribution
> * I checked the LICENSE, NOTICE & DISCLAIMER files were present
> * The LICENSE file looks good
> * The Copyright in the NOTICE file should be updated to "2015-2016"
> * The NOTICE file in the binary distro should include any NOTICES from
> Apache Licensed dependencies - I found NOTICES for Spring, Netty & Snappy
> and attached details to GEODE-610
>
> 3. Maven Artifacts
> * The ASF frowns upon distributing other open source projects without their
> consent and gemfire-joptsimple (& perhaps gemfire-json) raises concerns.
> Also not re-packaging it means users could face a dependency issue if they
> also use joptsimple. Lastly, "gemfire-joptsimple" could violate someone
> elses mark.
> * pom dependencies look like an issue - see below
> * It would be better if the maven artifacts were named "geode" rather than
> "gemfire"
> * pom files don't have the license header
> * The gemfire-junit-1.0.0-incubating.M1.jar is empty so would be better to
> not create this maven artifact
> * The ".asc" files don't need checksums (".asc.md5" & ".asc.sha1" files)
>
> 4. pom dependencies
> I did a quick scan of the required dependencies for gemfire-core (listed
> below). If I'm building a gemfire client and depend on gemfire-core, do I
> really need all those dependencies? Do I always need them for a gemfire
> member? Looks to me like some of them should be "optional" or "provided" -
> especially some of the logging stuff. From a quick look at some of them:
> * Spring Framework only referenced in CLI & Web, except XmlEntity (uses
> org.springframework.util.Assert) and PdxInstanceImpl (uses
> org.springframework.util.StringUtils)
> * SequenceFile only class to directly reference commons-logging
> * commons-lang only used in hdfs & CLI
> * javax.mail only used in MailManager
> * Jetty only referenced by ManagementAgent & RestAgent, except for
> CumulativeNonDistinctResults
> * Netty only referenced in the redis package
> * Can't find any reference to slf4j
>
> 5. gemfire-core required dependencies
> * antlr
> * commons-io
> * commons-lang
> * commons-logging
> * commons-modeler
> * fastutil
> * findbugs-annotations
> * gemfire-common
> * gemfire-joptsimple
> * gemfire-json
> * hbase
> * jackson-annotations
> * jackson-core
> * jackson-databind
> * jansi
> * javax.activation
> * javax.mail-api
> * javax.servlet-api
> * javax.transaction-api
> * jetty-http
> * jetty-io
> * jetty-security
> * jetty-server
> * jetty-servlet
> * jetty-util
> * jetty-webapp
> * jetty-xml
> * jline
> * jna
> * log4j-api
> * log4j-core
> * log4j-jcl
> * log4j-jul
> * log4j-slf4j-impl
> * mx4j
> * mx4j-remote
> * mx4j-tools
> * netty-all
> * slf4j-api
> * snappy-java
> * spring-aop
> * spring-beans
> * spring-context
> * spring-context-support
> * spring-core
> * spring-data-commons
> * spring-expression
> * spring-shell
> * spring-tx
> * spring-web
> * spring-webmvc
>
> Niall
>
> On Tue, Jan 19, 2016 at 9:53 PM, Nitin Lamba <ni...@ampool.io> wrote:
>
>> This is the first release for Apache Geode, version 1.0.0-incubating.M1.
>> Thanks to all the community members to drive towards this first milestone!
>>
>> It fixes the following issues:
>>
>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12318420&version=12334248
>>
>> *** Please download, test and vote by Wednesday, January 20th, 1700 hrs US
>> Pacific.
>>
>> Note that we are voting upon the source (tag):
>> rel/1.0.0-incubating.M1.RC1
>>
>>
>> https://git-wip-us.apache.org/repos/asf?p=incubator-geode.git;a=tag;h=refs/tags/rel/v1.0.0-incubating.M1.RC1
>>
>>
>> Commit ID: e5a7b9aaa82d4c0a04e41febfd515056c4669001
>>
>>
>> https://git-wip-us.apache.org/repos/asf?p=incubator-geode.git;a=commit;h=e5a7b9aaa82d4c0a04e41febfd515056c4669001
>>
>>
>> Source and binary files:
>>
>> https://dist.apache.org/repos/dist/dev/incubator/geode/1.0.0-incubating.M1.RC1/
>>
>> For the first release, the documentation on how to install and use Apache
>> Geode are hosted on pivotal.io:
>> http://geode.docs.pivotal.io
>>
>>
>> Maven staging repo:
>> https://repository.apache.org/content/repositories/orgapachegeode-1000/
>>
>>
>> Geode's KEYS file containing PGP keys we use to sign the release:
>>
>> https://github.com/apache/incubator-geode/blob/release/1.0.0-incubating.M1/KEYS
>>
>>
>> Release Key: pub 4096R/C72CFB64 2015-10-01
>>
>> Thanks,
>> Nitin & Anthony
>>
>>
>> ________________________________
>>
>>
signature.asc
Description: Message signed with OpenPGP using GPGMail
