Regarding: > I cannot read the tar.gz files with my normal tools (hexdump shows > that they are in RAR format), and the hashes have got spurious lines > in them which break automated checkers.
Looks like you guys are a) building the release packages on Windows, and b) using Microsoft's FCIV tool to generate MD5 and SHA1 hashes. This is something I tried to do at first as well. To get a standard output for that, you should use the standard Unix tools... You can download gnu coreutils binaries compiled for Windows from here: http://s.apache.org/rV Install that package, and use the included md5.exe/sha1.exe programs to generate your checksums, and it will be exactly Apache's standard for that (instead of messing around with munging the output from FCIV).. Plus you get a bunch of other handy standard unix commandline apps without needingt to install cygwin... Thanks, Troy On Wed, Mar 16, 2011 at 2:25 AM, sebb <seb...@gmail.com> wrote: > On 15 March 2011 11:22, Adelita Padilla <apadi...@maestrodev.com> wrote: >> Hi, >> >> >> On Tue, Mar 15, 2011 at 12:05 PM, sebb <seb...@gmail.com> wrote: >>> >>> On 15 March 2011 03:27, Brett Porter <br...@apache.org> wrote: >>> > >>> > On 14/03/2011, at 10:49 PM, sebb wrote: >>> > >>> >> On 14 March 2011 06:05, Adelita Padilla <apadi...@g2ix.net> wrote: >>> >>> >>> >>> >>> >>> Hi, >>> >>> >>> >>> The Apache NPanday community has approved the 1.3-incubating release >>> >>> and we are now looking for the approval of the IPMC to publish the >>> >>> release. >>> >>> >>> >>> These are the major changes included in this release: >>> >>> >>> >>> * Visual Studio 2010 and .Net 4.0 Framework support >>> >>> * Removal of UAC and PAB directories >>> >>> >>> >>> >>> >>> Subversion tag: >>> >>> >>> >>> https://svn.apache.org/repos/asf/incubator/npanday/tags/npanday-1.3-incubating/ >>> >> >>> >> NOTICE file still says 2011 >>> > >>> > Fixed in SVN. Not a blocker for the release, I imagine. >>> > >>> >> >>> >> There is no DISCLAIMER anywhere I could find. >>> > >>> > Fixed in SVN. Liit, I suggest you add that to the release tarballs and >>> > re-sign them. It seems like overkill to start the release over for this. >> >> >> I've added the DISCLAIMER.txt to the tarballs and I've uploaded them to >> http://people.apache.org/~apadilla >> > > I cannot read the tar.gz files with my normal tools (hexdump shows > that they are in RAR format), and the hashes have got spurious lines > in them which break automated checkers. > > Also the MSI file has not been updated, so presumably its LICENSE file > has not been updated. > >>> >>> > >>> >> >>> >> Nor on the website, for that matter, though there is an Incubator logo. >>> > >>> > Top right of >>> > http://incubator.apache.org/npanday/docs/1.3-incubating/index.html and >>> > http://incubator.apache.org/npanday/index.html ? >>> >>> Yes, the logos are (still) there. >>> >>> > I'm assuming you were looking at the old docs from the last release >>> > currently linked from the site (since it was rolled back), which points >>> > out >>> > it came from Codeplex. >>> >>> I am looking at the current website. >>> The pages you mention above have the Incubator logo, but no disclaimer >>> that I could find. >>> >>> For an example of how it can be done, see: >>> http://incubator.apache.org/rat/ >>> The first paragraph starts: "Apache RAT is an effort undergoing >>> incubation at The Apache Software Foundation (ASF) ..." >>> >> >> I've redeployed the website and it now contains the disclaimer, see: >> http://incubator.apache.org/npanday/ > > OK, looks fine. > >>> >>> >> >>> >> I think this is a blocker. >>> >> >>> >>> >>> >>> Staging repository: >>> >>> http://vmbuild.apache.org/archiva/repository/staged-npanday/ >>> >>> >>> >>> >>> >>> Distribution files are located here: >>> >>> http://people.apache.org/~apadilla/npanday/1.3-incubating/ >>> >> >>> >> The key is registered with public servers, but the name etc. should >>> >> ideally have some reference to Apache: >>> >> >>> >> gpg: searching for "0X7580DCDB" from hkp server pgp.mit.edu >>> >> (1) apadilla (adelita) <apadi...@maestrodev.com> >>> >> 2048 bit RSA key 7580DCDB, created: 2011-01-14 >>> >> >>> >> I cannot find the KEYS file. >>> > >>> > https://svn.apache.org/repos/asf/incubator/npanday/project/KEYS >>> > http://www.apache.org/dist/incubator/npanday/KEYS >> >> >> Added apadi...@apache.org to >> http://www.apache.org/dist/incubator/npanday/KEYS > > OK. > >> >>> >>> Thanks, found that later. It would help to include the link in VOTE >>> emails. >>> >>> > I don't think all users mention Apache, but it'd be good for Liit to add >>> > her ASF email address onto the key and resubmit it. >>> > >>> >> >>> >> The repository-builder files seem to contain chunks of a repository, >>> >> and contain many non-ASF files. It's not clear if these all have >>> >> compatible licences, and anyway they don't seem to be mentioned in the >>> >> LICENSE file (or NOTICE, where necessary). >>> >> >>> >> Potential blocker. >>> >> >>> >> The MSI file also contains lots of 3rd party jars. >>> > >>> > I referenced this here: http://markmail.org/message/sjlmw66a76phyn25 >>> > >>> > It's not ideal, but they are all redistributable in accordance with the >>> > legal policy. >>> >>> Do any of them require attribution in the NOTICE file? > > It appears that NUnit does (from updated LICENSE.txt): > > "If you use this software in a product, an acknowledgment (see > the following) in the product documentation is required." > >>> >>> Unless they all use the Apache Licence 2.0, then their licences need >>> to be added to LICENSE.txt. >>> In any case, the products should probably be mentioned in LICENSE.txt > > I see you have added the NUnit license to LICENSE.TXT. > However, that requires attribution (see above) > > dotnet repository builder includes JUnit, which uses the CPL, but its > license is not in LICENSE.txt. > > npanday repository builder (and the MSI) include lots of 3rd party > software components which use something other than AL 2.0. > Possibly some of those components require attribution as well. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
