On 18 March 2011 22:02, Tom White <tom.e.wh...@gmail.com> wrote:
> On Fri, Mar 18, 2011 at 10:30 AM, sebb <seb...@gmail.com> wrote:
>> On 18 March 2011 16:43, Stefan Bodewig <bode...@apache.org> wrote:
>>> On 2011-03-18, sebb wrote:
>>>
>>>> But the main issue is that the binary distribution contains lots of
>>>> 3rd party products which are not mentioned in either the NOTICE file
>>>> or the LICENSE file.
>>>
>>> They likely are supposed to be in the - unfortunately empty - license
>>> files inside the lib directory.
>>>
>>>> Whether it requires attribution or not, 3rd party product licenses
>>>> must be recorded in the LICENSE file.
>
> Right, we definitely need to fix this, per
> http://incubator.apache.org/guides/releasemanagement.html#best-practice-license.
>
>>>
>>>> The standard method is to include the text in the file, but it may be
>>>> allowable to just include a pointer to the license elsewhere in the
>>>> distribution.
>>>
>>> This pointer is missing, you are correct.
>>>
>>>> I think these issues are sufficient to block the release.
>>>
>>> Of the binary "convenience build". If the whirr project wanted to
>>> release the source tarball alone, the problems you have found wouldn't
>>> apply. The source tarball looks good to me.
>>
>> The NOTICE file includes attributions for two products that are not present.
>> AIUI it's important that NOTICE only contains *required* attributions
>> because the NOTICEs have to be passed on to downstream users.
>
> Both products are present (jsr250-api-1.0.jar and jersey-core-1.4.jar)

Sorry, it was not clear - I was referring to the source tarball, which
does not contain any 3rd party libraries.

> and these are the only ones that contain required attributions (as far
> as I can tell). So I believe the NOTICE file is correct.

It may be for the binary release, but if it is decided to release
source only, it is not correct.

>>
>> The ------------ divider lines should be removed (not a blocker) and
>> the year should be updated.
>>
>> Also, the lib directory is full of licence files for products that are
>> not present.
>> It's not necessary for everything in SVN to be in the source archive,
>> though everything in the source archive must be in SVN (or be
>> derivable directly from it)
>> This is confusing.
>
> It looks like the old LICENSE files in lib were mistakenly not removed
> when the JAR versions were updated (e.g. guava-r06-LICENSE.txt ->
> guava-r08-LICENSE.txt) or removed since the last release. I agree this
> is confusing and they should be removed.
>
> Thanks for taking the time to check the release candidate.
>
> Cheers,
> Tom
>
>>
>>> Stefan
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
>>> For additional commands, e-mail: general-h...@incubator.apache.org