md5/sha sigs look fine. pgp sig also looked good though see below.
- no KEYS file so no way to verify the gpg signature ( unless one downloads
an unverified key from a public server )
- bin tarball should untar into an apache-toree-incubating or apache-toree
directory, source tarball untars into ./ - should be fixed to use a top-level
- Something to check on - are the copyrights needed in the NOTICE file or
the LICENSE file? I am not too sure if there are needed in the NOTICE file.
- licenses/LICENSE-jline.txt seems to have some html but not the actual
license content. Did not look at all the files so folks should re-check those.
- Most projects tend to have one license file per license type and not a
license file per dependency - with the copyrights called out in the main
LICENSE file I believe.
- source tarball seems to have too many licenses. Unless
jline/scala,asm.ammonite, etc are bundled into the source tarball, they do not
need to be called out in the LICENSE and/or NOTICE file.
- bunch of markdown files without a license header
- there are a bunch of test jars checked into the source. Is there ALv2
provenance for all of them (including the sparkr tarball )?
Vote thread has a bahir related typo.
> On Oct 11, 2016, at 12:16 PM, Gino Bustelo <g...@bustelos.com> wrote:
> Please vote to approve the release of the following candidate as
> Apache Toree version 0.1.0
> The commit to be voted on is 119bf3e2d1d16986f55802cf2323e8629ea25ef8
> All distribution packages, including signatures, digests, etc. can be found
> The vote is open for at least 72 hours and passes if a majority of at least
> 3 +1 PMC votes are cast.
> [ ] +1 Release this package as Apache Toree 0.1.0
> [ ] -1 Do not release this package because ...