Any chance we could start running RAT as part of our CICD builds? I could probably set something up in our private Jenkins if theres not a better option.
—Eric > On Dec 8, 2016, at 11:24 AM, Dan Kirkwood <[email protected]> wrote: > > FYI -- we decided to -1 this based on more license issues.. The > .rat-excludes file previously mentioned has been updated and those > issues resolved. I'll be putting together a RC4 this morning. > > -Dan > > On Sat, Dec 3, 2016 at 4:16 PM, Leif Hedstrom <[email protected]> wrote: >> >>> On Dec 2, 2016, at 5:57 PM, Dan Kirkwood <[email protected]> wrote: >>> >>> Thanks again for the feedback, Leif.. There is a .rat_excludes >>> file at the top level, but it looks like we didn't get it fully >>> populated. The .json files should certainly be excluded.. >> >> Oh, but it was not in the tar-ball, that’s why I couldn’t find it. >> >>> >>> According to the page you referred to earlier, you can use one of >>> several methods to do create the md5 sum: >>> http://www.apache.org/dev/release-signing.html#md5 >>> <http://www.apache.org/dev/release-signing.html#md5> -- as we already >>> are using gpg for signing, I figured that would be safe.. It >>> doesn't matter to me which we use, but we should be consistent, so >>> I'll document what we decide on in the release instructions.. >> >> Yeh, I don’t care (much), as long as you are consistent (it should be part >> of a build script / Makefile target). >> >> The ASCII armor validated fine btw :). >> >>> >>> Easy enough to include sha1 as well :-) >> >> Cool. >> >> Cheers, >> >> — leif >>
