potiuk commented on issue #153: URL: https://github.com/apache/tooling-trusted-release/issues/153#issuecomment-2969900314
We already include .rat-excludes in the sources of ours (and we use it to verify our releases) so it could be used from there if present, but also defining separate set of (additional) ignore patterns per product would ben nice to have as we might simply want to "Fix" excludes consciously after we released the packages already. It's just a lot of hassle if we prepared a package already and we find out that there is this new single file generated that also should be excluded (but which clearly is ok to release). I am more for case 1. "non-licenced" files than anything else personally. We have quite a number of automatically generated files and we release it together with the sources (often including scripts to re-generate them) because it is simply convenient. And in some cases (convenient packages - for PyPI) - we need to include some generated files so that it could be installed without additional building (this is for minified javascript files for example). And yes - the "incompatible" licences should be a separate ignore with explanation why for each case I think. And also yes - it all should be combined with the few explicit excludes you already have. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tooling.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tooling.apache.org For additional commands, e-mail: dev-h...@tooling.apache.org
