On Thu, Jul 16, 2015 at 9:59 AM, Cédric Champeau <cedric.champ...@gmail.com> wrote:
> Like it or not, it passed the vote. Given the logistics of rolling another RC (even with a shortened window) and the urgency of the release due to security issues, I think this was a decent outcome. That said, contended release votes are extremely rare at Apache, and the release contains some licensing glitches which would ordinarily merit a respin in my judgment. I considered voting +1 but in the end decided to abstain. > (especially because as we said, the License file > contains more, but not less, than required), This is not quite the case. There were some bundled dependencies whose licenses were not noted in the top-level LICENSE file. This is a licensing documentation bug, rather than a licensing error -- it does not make distribution illegal, but it might lead to a downstream consumer failing to uphold the conditions of the omitted licenses. For example, they may fail to give proper attribution in a binary redistribution. Additionally, in the case of normalize.css (hidden inside stylesheet.css) and FileNameCompleter.groovy, an Apache header was added inappropriately to files containing BSD-licensed and MIT-licensed content. Assuming that the content of those files has never been licensed under the ALv2, this is a licensing error, and it is a judgment call as to whether a reasonable consumer would interpret that header as a mistake. > and as > Paul said, all jars produces *do* have them. Indeed -- I only spot checked, but that's what I saw as well. Marvin Humphrey --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org