Gino Bustelo commented on TOREE-350:

Comments from Hitesh
   - no KEYS file so no way to verify the gpg signature ( unless one downloads 
an unverified key from a public server )
   - bin tarball should untar into an apache-toree-incubating or apache-toree 
directory, source tarball untars into ./ - should be fixed to use a top-level 
dir IMO.
   - Something to check on - are the copyrights needed in the NOTICE file or 
the LICENSE file? I am not too sure if there are needed in the NOTICE file.
   - licenses/LICENSE-jline.txt seems to have some html but not the actual 
license content. Did not look at all the files so folks should re-check those.
   - Most projects tend to have one license file per license type and not a 
license file per dependency - with the copyrights called out in the main 
LICENSE file I believe.
   - source tarball seems to have too many licenses. Unless 
jline/scala,asm.ammonite, etc  are bundled into the source tarball, they do not 
need to be called out in the LICENSE and/or NOTICE file.
   - bunch of markdown files without a license header
   - there are a bunch of test jars checked into the source. Is there ALv2 
provenance for all of them (including the sparkr tarball )?

> Address comment on 0.1.0 rc2
> ----------------------------
>                 Key: TOREE-350
>                 URL: https://issues.apache.org/jira/browse/TOREE-350
>             Project: TOREE
>          Issue Type: Bug
>            Reporter: Gino Bustelo
>             Fix For: 0.1.0

This message was sent by Atlassian JIRA

Reply via email to