[
https://issues.apache.org/jira/browse/SOLR-15465?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17360332#comment-17360332
]
Dawid Weiss commented on SOLR-15465:
------------------------------------
Such a file will quickly go out of sync. Here you have an automated system that
verifies if all the required files are in place (and no longer used, redundant
files are causing build errors). I'm not sure what the advantage is of doing
this for only the "shipped" JARs... The hash checksums serve an additional role
of verifying that you indeed downloaded what was supposed to be downloaded.
> Do not require LICENSE and NOTICE files for test-dependencies
> -------------------------------------------------------------
>
> Key: SOLR-15465
> URL: https://issues.apache.org/jira/browse/SOLR-15465
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Build
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
>
> Our current build (and the ant build before it) checks that every single jar,
> even test dependencies, have a .sha1 file in licenses/ folder along with a
> LICENSE file and optinally a NOTICE file.
> However, according to [https://infra.apache.org/licensing-howto.html] we only
> need to supply LICENSE/NOTICE files for bits we ship, either as copy/pasted
> source code in the source dist or jar deps in the binary dist.
> Thus, I think we can stop shipping those LICENSE/NOTICE files for deps that
> we never distribute. Perhaps the sha1 files should remain for extra
> validation of binaries pulled from mvn, I don't know.
> [~dsmiley] [~dweiss]
> This probably goes for the Lucene build too.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
