Hi all,

As mentioned on the release voting thread, there was a Slack discussion
around our LICENSE and NOTICE file likely being outdated because they
haven't been actively kept up to date since graduation.  I suggested on the
vote thread that we proceed with the current release, but consider it a
blocker for the next release.

Mentor input on this (and how other projects handle it) would be greatly
appreciated.

This discussion should result in JIRAs that are brought back to the thread,
so we can make sure to track this.

For context, in addition to the standard L&N management, when we build
artifacts we shade a lot of jars into uberjars, thus bundling
dependencies.  However, our current releases are source only, but
publishing convenience binaries came up in the 1.0 roadmap thread.

I think there are a few things that need to happen to correct our current
issue and make this easier in the future.
1) Get the LICENSE and NOTICE files up to date
2) Document the process we went through getting things up to date and (just
as importantly) the reasoning behind it.
3) Update the PR checklist to include LICENSE and NOTICE files for new (and
transitive) dependencies.
4) Update or add any processes we need to maintain this properly (e.g.
release auditing)
5) Possibly build tooling for making some of this auditing easier (or use
an existing tool if anyone has suggestions)?

Are there any other steps I'm missing that need to go into JIRAs?
Any other concerns regarding these files that need to be addressed?
Any other context I'm missing and that belongs in this discussion?
