Hi, On Sun, Jun 7, 2015 at 5:48 PM, Cédric Champeau <[email protected]> wrote: > ...The artifacts to be voted on are located here: > http://people.apache.org/~cchampeau/groovy/ ...
Thanks for preparing this - I'm not voting on http://people.apache.org/~cchampeau/groovy/distribution/ on purpose are those binaries are not part of an Apache Release of Groovy - so reviewing only http://people.apache.org/~cchampeau/groovy/sources/ as per the release checklist at http://incubator.apache.org/guides/release.html - so this file: SHA1(apache-groovy-src-2.4.4-incubating.zip)= e0f07e4bdd4c47b80638021f676a6120e948ac86 For now I'm -1 on the release, until the following issues are fixed: 1) JavadocFixTool.java looks problematic, discussed elsewhere in this thread 2) A large number of *.adoc files are missing the Apache license header. 3) The source release contains the following binaries (along with other things like images which are ok), we need to clarify whether they are required and what makes them safe to be included, if that's the case: ./security/GroovyJarTest.jar ./security/groovykeys ./src/bin/groovy.icns ./src/test-resources/jars/module-test/module-test/1.0.7225-test/module-test-1.0.7225-test.jar ./src/test-resources/jars/module-test/module-test/1.2-test/module-test-1.2-test.jar 4) (not blocking the release) AFAICS the 758AAD6F key used to sign the code archive is not signed by anyone, I suggest that a few PPMC members sign it before the next release. 5) (not blocking the release) IMO the NOTICE can be smaller and stop at "This product includes software developed at The Apache Software Foundation (http://www.apache.org/)", unless any of the currently present notices are required by the owners of the respective dependencies. This does not block the release IMO and can be discussed before the next one. Nothing dramatic, but these things need to be addressed. -Bertrand
