md5/sha sigs look fine. pgp sig also looked good though see below.

   - no KEYS file so no way to verify the gpg signature ( unless one downloads 
an unverified key from a public server )
   - bin tarball should untar into an apache-toree-incubating or apache-toree 
directory, source tarball untars into ./ - should be fixed to use a top-level 
dir IMO. 
   - Something to check on - are the copyrights needed in the NOTICE file or 
the LICENSE file? I am not too sure if there are needed in the NOTICE file. 
   - licenses/LICENSE-jline.txt seems to have some html but not the actual 
license content. Did not look at all the files so folks should re-check those. 
   - Most projects tend to have one license file per license type and not a 
license file per dependency - with the copyrights called out in the main 
LICENSE file I believe. 
   - source tarball seems to have too many licenses. Unless 
jline/scala,asm.ammonite, etc  are bundled into the source tarball, they do not 
need to be called out in the LICENSE and/or NOTICE file. 
   - bunch of markdown files without a license header
   - there are a bunch of test jars checked into the source. Is there ALv2 
provenance for all of them (including the sparkr tarball )? 

Vote thread has a bahir related typo. 

— Hitesh

> On Oct 11, 2016, at 12:16 PM, Gino Bustelo <> wrote:
> Please vote to approve the release of the following candidate as
> Apache Toree version 0.1.0
> The commit to be voted on is 119bf3e2d1d16986f55802cf2323e8629ea25ef8
> <>
> <>
> All distribution packages, including signatures, digests, etc. can be found 
> at:
> *
> <>*
> The vote is open for at least 72 hours and passes if a majority of at least
> 3 +1 PMC votes are cast.
> [ ] +1 Release this package as Apache Toree 0.1.0
> [ ] -1 Do not release this package because ...

Reply via email to