Hi, +0 binding until MPL issue clarified, then I’ll change my vote to +1.
But there a few other things that need to be fixed for next release. I checked - Release does’t contain incubating in release name. - Signatures and hash good (but could be improved) - DISCLAIMER exists - Year range in NOTICE file is incorrect - NOTICE file has minor issues (see below) - LICENSE file also have a few minor issues - All source file have Apache headers - No unexpected binaries in source release - Can compile from source The LICENSE notes that you using JQuery Pine Notify which is triple licensed under GPL, LGPL and MPL. MPL is a category B license and as such needs to be handled with care [6]. However I’m not sure that it is actually bundled in the software - can you confirm this. If it is not it can be removed from the LICENSE. Permissive licenses such as Apache and MIT do not normally get mentioned in the NOTICE file [4] as the NOTICE file places a burden on downstream projects can these please be removed. The following seem to be missing from the LICENSE - font awesome (MIT + SIL) see security-admin/src/main/webapp/fonts/fontawesome/fontawesome-webfont.svg and ranger-0.5.0/security-admin/src/main/webapp/fonts/fontawesome/FontAwesome.* + ranger-0.5.0/security-admin/src/main/webapp/fonts/fontopensans/open-sans* - backbone forms (MIT) see ranger-0.5.0/security-admin/src/main/webapp/libs/bower/backbone-forms/* - select2 (MIT) see security-admin/src/main/webapp/libs/bower/select2/select2.css - bootstrap (MIT) see ranger-0.5.0/security-admin/src/main/webapp/themejs/1.3.0/bootstrap.min.js - QUnit (MIT) see security-admin/src/main/webapp/libs/bower/globalize/test/qunit/qunit.js - jsDump (BSD -part of QUnit) see security-admin/src/main/webapp/libs/bower/globalize/test/qunit/qunit.js - Sizzle.js (part of jQuery) see security-admin/src/main/webapp/libs/bower/globalize/examples/browser/jquery-1.4.4.js Also VisualSearch.js could be placed with the other MIT licenses. There is also no need to list Apache licensed software in LICENSE, however it’s not an licensing error, and up to you if you want to leave them there. For the next release can you please fix the following: - Add incubating to the release name [1] - Place the release in the correct place [2][3] - Put the contents of hashes in a standard format (making it easier to check) - Consider adding apache to release artefact name - Correct years in NOTICE file - Remove unnecessary information from NOTICE - Add missing licenses to LICENSE Note that the first two items are marked as MUST in the incubator policy. Thanks, Justin 1.http://incubator.apache.org/incubation/Incubation_Policy.html#Releases 2. http://www.apache.org/dist/incubator/ranger/ 3. http://incubator.apache.org/incubation/Incubation_Policy.html#Releases 4. http://www.apache.org/dev/licensing-howto.html#permissive-deps 5. http://www.apache.org/legal/resolved.html#category-b --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
