I agree running rat is important ... I haven't heard any suggestion that such an important tool not be used.
-----Original Message----- From: Rob Weir [mailto:robw...@apache.org] Sent: Monday, September 19, 2011 10:05 To: ooo-dev@incubator.apache.org Subject: Re: A systematic approach to IP review? [ ... ] I think the wiki is fine as a collaboration tool, to list tasks and who is working on them. But that is not a substitute for running scans with the Apache Release Audit Tool (RAT) and working toward a clean report. Think of it this way: 1) We have a list of modules on the wiki that we need to replace. Great. Developers can work on that list. 2) But how do we know that the list on the wiki is complete? How do we know that it is not missing anything? 3) Running RAT against the source is how we ensure that the code is clean In other words, the criteria should be that we have a clean RAT record, not that we have a clean wiki. The list of modules on the wiki is not traceable to a scan of the source code. It is not reproducible. It might be useful. But it is not sufficient. -Rob [ ... ]