Hi Daisy,

Tangential question (sorry): is there a wiki or GH page describing the overall 
plan for releases? I am especially interested in the Travis part, but it would 
be great to see the full picture.

Thanks!
Michael



On 25/01/18 15:04, "Ying Chun Guo" <guoyi...@cn.ibm.com> wrote:

    Hi, all
    
    As we are setting up the release process, I'm investigating how Apache 
    Creadur[1] - the auditing tools - can help us in the release process. This 
    email describes what I found and what I propose. We can discuss together.
    
    First of all, we need to understand that audit is very important in an 
    Apache release process. "every ASF release MUST comply with ASF licensing 
    policy. This requirement is of utmost importance and an audit SHOULD be 
    performed before any full release is created.", described by Apache Release 
    Policy[2]. Apache Creadur is such audit tooling to help us.
    
    Apache Creadur includes three projects:
    - Apache Rat audits license headers. It will check if files have the Apache 
      License or not, and generate a report.
    - Apache Tentacles helps to audit in bulk components uploaded to a staging 
      repository. It will check if there are LICENSE and NOTICE files under each 
      archived source package and compiled package. An HTML report will be 
      generated.
    - Apache Whisker will generate correct legal documentation if a package 
      bundles code under several licenses.
    
    I propose to use:
    - Apache Rat to check license headers during the release of the source 
      package. We can develop a program to auto 'read' the report generated by 
      Rat. If the report doesn't find any issues, the release can be continued. 
      Or else, it will be stopped and errors will be returned.
    - Apache Tentacles to check if every archived package has a LICENSE and a 
      NOTICE file. The check needs to be done both in the release of the source 
      package and the release of the compiled package after the artifacts are 
      uploaded to a staging repository. Similar to the Rat report, we will 
      develop a program to auto "read" the report and decide whether there are 
      issues.
    
    Apache Whisker is not relevant to us up to now, because we don't have code 
    under non-Apache licenses. (Correct me if I'm wrong.) In the future, we may 
    need it.
    
    Let me know if you have any comments and suggestions to the audit process 
    and tooling.
    
    Best regards
    Daisy Guo
    
    [1] http://creadur.apache.org
    [2] http://www.apache.org/legal/release-policy.html#licensing
    
    
