Hi all: OK, so I’ve looked at the guacamole-client package (guacamole-client-0.9.10-incubating.tar.gz), and I don’t think there’s any huge long-term problems, but a few things we need to clarify.
(I’ll just preface this by saying that there’s always some debate around these points, so don’t necessarily take my viewpoint as definitive. I’ll try to point to whatever policy documents we have). - Incubating releases are sometimes given a little slack, but generally must adhere to http://www.apache.org/dev/release.html - Podling releases specifically are described in http://incubator.apache.org/guides/releasemanagement.html First, what Apache releases is source code. So what we’d like to see is a release artifact that is purely source code. A big part of the Apache brand is the assurance that what we release is provably subject to the Apache License, which allows others to use the software liberally. We generally assume that we can’t certify anything that has binaries in it. So, we’d want to have a “source” release artifact that doesn’t have any compiled classes or jar files. We can also distribute “convenience binaries” but the actual release artifact should be purely source code. You may or may not have come across “Apache RAT”, or the Release Auditing Tool. This is part of the Apache Creadur project, and is a very useful tool to check licensing status of files. When I run RAT agains guacamole-client, we can see that the archive is full of compiled classes and a few jar files. That’s going to be a problem for releasing the artifact. Second - JavaScript libraries. I’m not sure what other projects do, but personally I’m not comfortable with distributing libraries in the source distribution. In fact, I’m not a fan of having them in source control. Would it be possible to assemble them into the binary at build time? I’m pretty sure there are artifacts in Maven Central for Angular and JQuery - certainly something like Bower should be an option if not? Third - licensing - The LICENSE file should include all the licenses that apply, not just the Apache license. The idea is to give a downstream user a clear overview of what obligations they’re taking on. I believe I’ve seen a “Guide to constructing LICENSE and NOTICE”, but I don’t have it handy right now. Good start! Cheers, Greg Trasuk (with Mentor hat on).
