Hi Dan! Are you ready for the next iteration? ;)
I fear I have to vote -1 on the release. I'm only looking at the sources distribution.zip since this is the only official thing an Apache Software release contains (all other binaries are just nice goodies, but not part of the official release). https://repository.apache.org/content/repositories/orgapacheisis-042/org/apache/isis/isis/0.1.2-RC3-incubating/ 1.) The source zip contains a file apache-rat-0.8-SNAPSHOT.jar. This is nothing which belongs to our source release. I've also deleted it from our SVN repo. The other parts look pretty good so far! * key is fine * sha1 is ok * md5 is ok * rat passes * check on a few random samples for *.properties, pom.xml, *.java all had valid ALv2 headers * LICENSE file is ok A few parts are not 100% ok yet: NOTICE file is ok _IF_ we only ship ALv2 licensed dependencies or category A licenses as noted in [1]. IF we ship differently licensed jar dependencies in our binary distribution or samples or 'shade' them into an own private package within isis, then we must imo also mention those licenses in our NOTICE files. If we only reference those deps via maven, then not. Those are the following files: org.hamcrest:hamcrest-library:jar -> BSD javax.mail -> CDDL asm -> BSD jmock -> BSD style dom4j -> MetaStuff license (BSD style) org.owasp.esapi:esapi -> BSD json -> JSON license (BSD style) org.htmlparser -> CPL-1.0. This worries me a bit, since it falls under the category B (reciprocal) As far as I interpret the cat B section, we must add this to our NOTICE file, isn't? xom:xom -> LGPL -> BLOCKER this is a catX license which we must not depend upon! This seems to come as transitive dependency from org.owasp.esapi:esapi. Can we exclude xom:xom without breaking functionality? There are also a few javax.* dependencies from the java.net repo. Usually those packages are CDDL, thus we should replace them with packages from geronimo-specs [2] You can easily check the dependencies yourself too with $> mvn dependency:list LieGrue, strub PS: sorry that you have to do a release run once again, but if it helps: doing a proper review is not much less work :D [1] http://www.apache.org/legal/3party.html [2] http://repo1.maven.org/maven2/org/apache/geronimo/specs/ --- On Mon, 6/6/11, Dan Haywood <[email protected]> wrote: > From: Dan Haywood <[email protected]> > Subject: Re: [VOTE] Apache Isis release candidate 0.1.2-RC3-incubating > To: [email protected] > Date: Monday, June 6, 2011, 7:27 AM > > On 05/06/2011 11:25, Mike Burton wrote: > > 1. When I built the quickstart archetype, as per > Quickstart Guide... > > I needed to run mvn in a directory that doesn't have a > pom.xml in it, as per your earlier suggestion, does this > need documenting? > > ie when I did: > > mvn archetype:generate \ > > -D > archetypeGroupId=org.apache.isis \ > > -D > archetypeArtifactId=quickstart-archetype \ > > -D > groupId=com.mycompany \ > > -D artifactId=myapp > > I got: > > Failed to validate POM for project > com.agilejava.docbkx:docbkx-maven-plugin at Artifact > [com.agilejava.docbkx:docbkx-maven-plugin:pom:2.0.8] > > So I did mkdir tmp; cd tmp then > repeated the above, all good. > I've added a sentence to the site's (on both > where-to-start.apt and quickstart.apt). > > > > > 2. When I ran the quickstart achetype > > Quickstart Guide says cd quickstart, but actually need > to cd examples/quickstart > > Exploring this, the Quickstart Guide says > ToDoItem.java is in the dom module. It is in > examples/quickstart/dom/src/main/java/dom/todo/ToDoItem.java > > which is pretty much obvious. > > > Yeah, it's pretty obvious. But I've added a note to > say that ToDoItem.java is in src/main/java (on > quickstart.apt). > > Thanks again for reviewing the release. > > Dan > > >
