[
https://issues.apache.org/jira/browse/TOREE-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15582357#comment-15582357
]
Gino Bustelo commented on TOREE-350:
------------------------------------
Comments from Hitesh
- no KEYS file so no way to verify the gpg signature ( unless one downloads
an unverified key from a public server )
- bin tarball should untar into an apache-toree-incubating or apache-toree
directory, source tarball untars into ./ - should be fixed to use a top-level
dir IMO.
- Something to check on - are the copyrights needed in the NOTICE file or
the LICENSE file? I am not too sure if there are needed in the NOTICE file.
- licenses/LICENSE-jline.txt seems to have some html but not the actual
license content. Did not look at all the files so folks should re-check those.
- Most projects tend to have one license file per license type and not a
license file per dependency - with the copyrights called out in the main
LICENSE file I believe.
- source tarball seems to have too many licenses. Unless
jline/scala,asm.ammonite, etc are bundled into the source tarball, they do not
need to be called out in the LICENSE and/or NOTICE file.
- bunch of markdown files without a license header
- there are a bunch of test jars checked into the source. Is there ALv2
provenance for all of them (including the sparkr tarball )?
> Address comment on 0.1.0 rc2
> ----------------------------
>
> Key: TOREE-350
> URL: https://issues.apache.org/jira/browse/TOREE-350
> Project: TOREE
> Issue Type: Bug
> Reporter: Gino Bustelo
> Fix For: 0.1.0
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
