+1 (binding) Review focused on the source release mechanics specifically around build/licensing.
Signature checks out w/SHA512 Hashes all check out Verified last meaningful commit in specific tag found in source. Full clean build as per instructions found in readme worked perfectly. Commentary: [Minor - for next release - might not be true] In source LICENSE. "This product includes json2.js (https://github.com/douglascrockford/JSON-js - Public Domain license) by Douglas Crockford". Should be in notice. This doesn't alter the LICENSE but is worth referencing in the NOTICE as per attribution guidance in http://www.apache.org/legal/resolved.html#can-works-placed-in-the-public-domain-be-included-in-apache-products which refers to http://www.apache.org/legal/resolved.html#category-a [Minor - for next release - might not be true] In source LICENSE. "This product includes Font Awesome 3.2.1 (http://fontawesome.io/ - SIL Open Font License (OFL) licensee) by Dave Gandy" This should be in the NOTICE and not LICENSE. Such a dependency (Category B) should only be a binary dependency unless in source release it meets this exception "small amounts of source that is directly consumed by the ASF product at runtime in source form, and for which that source is unmodified and unlikely to be changed anyway (say, by virtue of being specified by a standard), inclusion of appropriately labeled source is also permitted" as stated in http://www.apache.org/legal/resolved.html#category-b [Minor - for next release] In source license several references are made to ASL V2 items. These references belong in NOTICE and only if there is information worth carrying forward. The Copyright is good to include so those belong in NOTICE. [Minor - for next release] In source LICENSE. The 'visualsearch license' is referenced. This should say something like "This product bundles 'VisualSearch.js 0.4.0' which is available under an MIT style license." then include license text w/copyright. Or just put it up in the already present MIT license listing you have. [Minor - for next release] In source license. The requires-handlebar-plugin. As per text at bottom of readme (https://github.com/SlexAxton/require-handlebars-plugin) Nice job catching the 'handlebars.js' listing and putting under MIT licenses (with proper copyright) and the 'require.js'. But, it appears the require.js listing under MIT licenses has incorrect copyright. It should be "Copyright (c) 2010-2012, The Dojo Foundation All Rights Reserved." as found in (./security-admin/target/security-admin-web-0.6.0/libs/bower/requirejs/js/require.js) for example. On Fri, Jul 15, 2016 at 1:05 AM, Velmurugan Periasamy <v...@apache.org> wrote: > Incubator PMC: > > Apache Ranger community has voted on and approved a proposal to release > Apache Ranger 0.6.0 (incubating). > > [VOTE RESULT] thread: > > https://lists.apache.org/thread.html/c21a99659362bcd2fef0119d9937b9ab245c99400902cf75a7e77910@%3Cdev.ranger.apache.org%3E > > Apache ranger-0.6.0-rc1 release candidate is now available with the following > artifacts up for IPMC vote. I kindly request that the Incubator PMC members > review and vote on this incubator release. > > Git tag for the release: > https://github.com/apache/incubator-ranger/tree/ranger-0.6.0-rc1 > Sources for the release: > > https://dist.apache.org/repos/dist/dev/incubator/ranger/0.6.0-incubating-rc1/apache-ranger-incubating-0.6.0.tar.gz > Source release verification: > PGP Signature: > > https://dist.apache.org/repos/dist/dev/incubator/ranger/0.6.0-incubating-rc1/apache-ranger-incubating-0.6.0.tar.gz.asc > MD5/SHA Hash: > > https://dist.apache.org/repos/dist/dev/incubator/ranger/0.6.0-incubating-rc1/apache-ranger-incubating-0.6.0.tar.gz.mds > Keys to verify the signature of the release artifact are available at: > https://dist.apache.org/repos/dist/release/incubator/ranger/KEYS > > Release Notes: > https://cwiki.apache.org/confluence/display/RANGER/0.6.0+Release+Notes > Build verification steps can be found at: > http://ranger.incubator.apache.org/quick_start_guide.html > > The vote will be open for at least 72 hours or until necessary number of > votes are reached. > [ ] +1 approve > [ ] +0 no opinion > [ ] -1 disapprove (and reason why) > > Here is my +1 (non binding). > > Thank you, > Vel --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
