terrymanu commented on PR #38726:
URL: https://github.com/apache/shardingsphere/pull/38726#issuecomment-4547011963
### Decision
- **Merge Verdict: Mergeable**
- **Reviewed Scope:** Latest PR head
`fe36613493b5cdaaad4df31393586664025e73e7` against base
`90408364130a3ea4035872c90e140f15ead91233`; reviewed
`distribution/proxy/src/main/release-docs/LICENSE`,
`distribution/proxy/src/main/release-docs/NOTICE`, proxy/proxy-native
release-doc assembly paths, and Bouncy Castle 1.84 Maven POM/license sources.
- **Not Reviewed Scope:** Full binary release archive was not manually
unpacked; full third-party license inventory was not re-audited; runtime SSL
behavior was not reviewed.
- **Need Expert Review:** No.
### Basis
- The root-cause fix is direct:
`distribution/proxy/src/main/release-docs/LICENSE:360` through
`distribution/proxy/src/main/release-docs/LICENSE:363` now list
`bcpkix-jdk18on`, `bcprov-jdk18on`, `bctls-jdk18on`, and `bcutil-jdk18on` as
`1.84`, matching the current Bouncy Castle dependency version.
- The NOTICE path is consistent:
`distribution/proxy/src/main/release-docs/NOTICE:168` points to the shipped
`licenses/LICENSE-bouncy-castle.txt`.
- Release packaging coverage is consistent: proxy assembly copies
`src/main/release-docs/**/*`, and proxy-native assembly copies `licenses/*`,
`LICENSE`, and `NOTICE`, so the updated release docs are covered by both
distribution shapes.
- Official source validation is consistent: Maven Central POMs for Bouncy
Castle 1.84 show `bcpkix-jdk18on` and `bctls-jdk18on` depending on
`bcutil-jdk18on` 1.84, and `bcutil-jdk18on` depending on `bcprov-jdk18on` 1.84;
the license source is the Bouncy Castle Licence page.
- No blocking regression risk was found: this PR only changes release-doc
metadata and does not touch SQL parser behavior, name resolution, routing, SPI,
runtime hot paths, `ConcurrentHashMap#computeIfAbsent`, config flags, or
database dialect semantics.
### Pre-Merge Checks
- GitHub checks: all 24 check-runs on the latest head completed with no
failures; `Check - License`, `Check - Spotless`, and `Check - CheckStyle` are
all `success`.
- Mergeability: GitHub API reports `mergeable_state` as `clean`.
- Local verification:
- `git diff --check
90408364130a3ea4035872c90e140f15ead91233...apache/pr/38726`: exit code 0.
- NOTICE license path existence check: exit code 0, confirming
`distribution/proxy/src/main/release-docs/licenses/LICENSE-bouncy-castle.txt`
exists.
- `git grep "license/LICENSE\\.bouncycastle"`: no stale Bouncy Castle path
remains.
- Source links used: [bcpkix-jdk18on 1.84
POM](https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk18on/1.84/bcpkix-jdk18on-1.84.pom),
[bctls-jdk18on 1.84
POM](https://repo1.maven.org/maven2/org/bouncycastle/bctls-jdk18on/1.84/bctls-jdk18on-1.84.pom),
[bcutil-jdk18on 1.84
POM](https://repo1.maven.org/maven2/org/bouncycastle/bcutil-jdk18on/1.84/bcutil-jdk18on-1.84.pom),
[Bouncy Castle Licence](https://www.bouncycastle.org/licence.html).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
