Hi, all

As we are setting up the release process, I'm investigating how Apache 
Creadur[1] - the auditing tools - can help us in the release process. This 
email describes what I found and what I propose. We can discuss together.

First of all, we need to understand that an audit is very important in an Apache 
release process. "every ASF release MUST comply with ASF licensing policy. This 
requirement is of utmost importance and an audit SHOULD be performed before any 
full release is created.", as described by the Apache Release Policy[2]. Apache 
Creadur is such an audit tool to help us.

Apache Creadur includes three projects:
- Apache Rat audits license headers. It will check whether files have the Apache 
License header or not, and generate a report.
- Apache Tentacles helps to audit in bulk the components uploaded to a staging 
repository. It will check whether there are LICENSE and NOTICE files under each 
archived source package and compiled package. An HTML report will be generated.
- Apache Whisker will generate correct legal documentation if a package 
bundles code under several licenses.

I propose to use:
- Apache Rat to check license headers during the release of the source package. 
We can develop a program to automatically 'read' the report generated by Rat. If 
the report doesn't find any issues, the release can continue. Otherwise, it will 
be stopped and the errors will be returned.
- Apache Tentacles to check whether every archived package has a LICENSE and a 
NOTICE file. The check needs to be done both in the release of the source 
package and in the release of the compiled package after the artifacts are 
uploaded to a staging repository. Similar to the Rat report, we will develop a 
program to automatically "read" the report and decide whether there are issues.

Apache Whisker is not relevant to us up to now, because we don't have code 
under non-Apache licenses. (Correct me if I'm wrong.) In the future, we may 
need it.

Let me know if you have any comments or suggestions on the audit process and 
tooling.

Best regards
Daisy Guo

[1] http://creadur.apache.org
[2] http://www.apache.org/legal/release-policy.html#licensing
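One way to implement the Rat report 'reader' proposed in the email, as an added example that is not part of this message or of Apache Creadur: it parses a Rat plain-text report, lists the files whose headers Rat did not recognise, and fails closed when the summary is missing. The report layout (a "<n> Unknown Licenses" summary line and "!?????" markers on unrecognised files) is assumed here, and the sample report is constructed.

```python
import re
import sys

# Constructed sample in the layout of Rat's plain-text report (assumption:
# a "<n> Unknown Licenses" summary line and "!?????" markers on files whose
# header Rat did not recognise). Not a real project's report.
SAMPLE_REPORT = """\
Summary
-------
Standards: 4

Apache Licensed: 2

2 Unknown Licenses

*****************************************************
  N     LICENSE
  N     NOTICE
  AL    src/main/java/org/example/Bar.java
  AL    README.md
!????? src/main/java/org/example/Foo.java
!????? build.sh
"""

UNKNOWN_RE = re.compile(r"^(\d+) Unknown Licenses\s*$", re.MULTILINE)
FLAGGED_RE = re.compile(r"^!\?{5}\s+(\S.*)$", re.MULTILINE)


def audit_rat_report(text):
    """Return (unknown_count, flagged_paths); unknown_count is None if the
    summary line is absent, so a truncated report cannot pass as clean."""
    m = UNKNOWN_RE.search(text)
    unknown = int(m.group(1)) if m else None
    flagged = [p.strip() for p in FLAGGED_RE.findall(text)]
    return unknown, flagged


def release_may_continue(text):
    """The gate proposed in the email: continue only if Rat found no issues."""
    unknown, flagged = audit_rat_report(text)
    return unknown == 0 and not flagged


if __name__ == "__main__":
    report = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    if release_may_continue(report):
        print("Rat: no license header issues, release can continue")
        sys.exit(0)
    unknown, flagged = audit_rat_report(report)
    print("Rat: %s file(s) with unknown/unapproved licenses:" % unknown)
    for path in flagged:
        print("  " + path)
    sys.exit(1)  # stop the release and surface the errors
```

Run it as `python rat_gate.py target/rat.txt` in the release script; a non-zero exit stops the release.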
