Hi Michael,
I am drafting the specs as much as I can.
you can find it over here:
https://github.com/apache/incubator-openwhisk-release/pull/15
or on my fork:
https://github.com/houshengbo/incubator-openwhisk-release/tree/draft-plan
Best wishes.
Vincent Hou (侯胜博)
Advisory Software Engineer, OpenWhisk Contributor, Open Technology, IBM
Cloud
Notes ID: Vincent S Hou/Raleigh/IBM, E-mail: s...@us.ibm.com,
Phone: +1(919)254-7182
Address: 4205 S Miami Blvd (Cornwallis Drive), Durham, NC 27703, United
States
From: Michael Marth <mma...@adobe.com.INVALID>
To: "dev@openwhisk.apache.org" <dev@openwhisk.apache.org>
Date: 01/25/2018 10:43 AM
Subject: Re: Using Apache Creadur to audit in the release process
Hi Daisy,
Tangential question (sorry): is there a wiki or GH page describing the
overall plan for releases? I am especially interested in the Travis part,
but would be great to see the full picture.
Thanks!
Michael
On 25/01/18 15:04, "Ying Chun Guo" <guoyi...@cn.ibm.com> wrote:
Hi, all
As we are setting up the release process, I'm investigating how Apache
Creadur[1] - the auditing tools - can help us in the release process. This
email describes what I found and what I propose. We can discuss together.
First of all, we need to understand audit is very important in a Apache
release process. "every ASF release MUST comply with ASF licensing policy.
This requirement is of utmost importance and an audit SHOULD be performed
before any full release is created.", described by Apache Release Policy
[2]. Apache Creadur is such audit tooling to help us.
Apache Creadur includes three projects:
- Apache Rat audits license headers. It will check if files have Apache
License or not, and generate a report.
- Apache Tentacles helps to audit in bulk components uploaded to a
staging repository. It will check if there is a LICENSE and NOTICE files
under each archived source package and compiled package. A HTML report will
be generated.
- Apache Whisker will generate a correct legal documentation if a
package bundles code under several licenses.
I propose to use:
- Apache Rat to check license headers during the release of the source
package. We can develop a program to auto 'read' the report generated by
Rat. If the report doesn't find any issues, the release can be continued.
Or else, it will be stopped and errors will be returned.
- Apache Tentacles to check if every archived package has a LICENSE and
a NOTICE file. The check need to be done both in the release of the source
package and the release of the compiled package after the artifacts are
uploading to a staging repository. Similar as Rat report, we will develop
program to auto "read" the report and decide whether there are issues.
Apache Whisker is not relevant to us up to now, because we don't have
codes under none Apache licenses. ( Correct me if I'm wrong ). In the
future, we may need it.
Let me know if you have any comments and suggestions to the audit
process and tooling.
Best regards
Daisy Guo
[1]
https://urldefense.proofpoint.com/v2/url?u=http-3A__creadur.apache.org&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=LUNmCHjmrhrkjp9ZF9fhwg&m=JUb9mfEl9cRtHgYOrMM3A07G5ZTPwjvr9Ok9zPN0spM&s=8PO1bIlCFxzTwRl134HTfpui88duotT66lYPYdawRcU&e=
[2]
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.apache.org_legal_release-2Dpolicy.html-23licensing&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=LUNmCHjmrhrkjp9ZF9fhwg&m=JUb9mfEl9cRtHgYOrMM3A07G5ZTPwjvr9Ok9zPN0spM&s=FQulTVxLUmkyW1xsBBatCTdL7GSZJAKJCd2izHOGFso&e=
