[sigh]Thanks, Mark, though, for your time in checking through the release. I had completely missed that LGPL dependency on XOM, which is really annoying. I need to change some source code to remove that dependency, so the next RC might be delayed til I do that.
I don't think that anything is required in the NOTICE file for the other category-a licenses, because we only reference them as dependencies on Maven, we don't package them up or shade them. However, since I'm gonna have to cut another RC, I may as well add something to the NOTICE file anyway.
And I'll definitely add an entry in NOTICE for that category-b license. I'll double check the src/main/appended-resources/supplemental-models.xml in case there are any other category-b licenses that sneaked in also.
And, finally, I'll also change those javax.* dependencies to use the Geronimo specs modules instead; thanks for that link to them all.
Cheers Dan On 06/06/2011 11:56, Mark Struberg wrote:
Hi Dan! Are you ready for the next iteration? ;) I fear I have to vote -1 on the release. I'm only looking at the sources distribution.zip since this is the only official thing an Apache Software release contains (all other binaries are just nice goodies, but not part of the official release). https://repository.apache.org/content/repositories/orgapacheisis-042/org/apache/isis/isis/0.1.2-RC3-incubating/ 1.) The source zip contains a file apache-rat-0.8-SNAPSHOT.jar. This is nothing which belongs to our source release. I've also deleted it from our SVN repo. The other parts look pretty good so far! * key is fine * sha1 is ok * md5 is ok * rat passes * check on a few random samples for *.properties, pom.xml, *.java all had valid ALv2 headers * LICENSE file is ok A few parts are not 100% ok yet: NOTICE file is ok _IF_ we only ship ALv2 licensed dependencies or category A licenses as noted in [1]. IF we ship differently licensed jar dependencies in our binary distribution or samples or 'shade' them into an own private package within isis, then we must imo also mention those licenses in our NOTICE files. If we only reference those deps via maven, then not. Those are the following files: org.hamcrest:hamcrest-library:jar -> BSD javax.mail -> CDDL asm -> BSD jmock -> BSD style dom4j -> MetaStuff license (BSD style) org.owasp.esapi:esapi -> BSD json -> JSON license (BSD style) org.htmlparser -> CPL-1.0. This worries me a bit, since it falls under the category B (reciprocal) As far as I interpret the cat B section, we must add this to our NOTICE file, isn't? xom:xom -> LGPL -> BLOCKER this is a catX license which we must not depend upon! This seems to come as transitive dependency from org.owasp.esapi:esapi. Can we exclude xom:xom without breaking functionality? There are also a few javax.* dependencies from the java.net repo. Usually those packages are CDDL, thus we should replace them with packages from geronimo-specs [2] You can easily check the dependencies yourself too with $> mvn dependency:list LieGrue, strub PS: sorry that you have to do a release run once again, but if it helps: doing a proper review is not much less work :D [1] http://www.apache.org/legal/3party.html [2] http://repo1.maven.org/maven2/org/apache/geronimo/specs/ --- On Mon, 6/6/11, Dan Haywood<[email protected]> wrote:From: Dan Haywood<[email protected]> Subject: Re: [VOTE] Apache Isis release candidate 0.1.2-RC3-incubating To: [email protected] Date: Monday, June 6, 2011, 7:27 AM On 05/06/2011 11:25, Mike Burton wrote:1. When I built the quickstart archetype, as perQuickstart Guide...I needed to run mvn in a directory that doesn't have apom.xml in it, as per your earlier suggestion, does this need documenting?ie when I did: mvn archetype:generate \ -DarchetypeGroupId=org.apache.isis \-DarchetypeArtifactId=quickstart-archetype \-DgroupId=com.mycompany \-D artifactId=myapp I got: Failed to validate POM for projectcom.agilejava.docbkx:docbkx-maven-plugin at Artifact [com.agilejava.docbkx:docbkx-maven-plugin:pom:2.0.8]So I did mkdir tmp; cd tmp thenrepeated the above, all good. I've added a sentence to the site's (on both where-to-start.apt and quickstart.apt).2. When I ran the quickstart achetype Quickstart Guide says cd quickstart, but actually needto cd examples/quickstartExploring this, the Quickstart Guide saysToDoItem.java is in the dom module. It is in examples/quickstart/dom/src/main/java/dom/todo/ToDoItem.javawhich is pretty much obvious.Yeah, it's pretty obvious. But I've added a note to say that ToDoItem.java is in src/main/java (on quickstart.apt). Thanks again for reviewing the release. Dan
