+1 (binding) I checked licenses, notices, built on Ubuntu 14.04 JDK 1.8, checked signatures.
I also had fun learning about the WTFPL. I am shocked (SHOCKED!) that you can use words like that on a software distro. I concur with all of the issues Josh raised, especially the RAT exclusions. Keep the RAT exclusions to a minimum (which unfortunately mean that you can only run RAT on a pristine sandbox), and you won't accidentally ship stuff like your .idea project. Also, I ran into https://issues.apache.org/jira/browse/RANGER-1103, a couple of undocumented steps in the build process. It must be fixed before next release. Julian On Fri, Jul 15, 2016 at 8:42 AM, Josh Elser <els...@apache.org> wrote: > Hi, > > +1 (binding) with reservations. > > * xsums/sigs match > * KEYS contains necessary sig > * DISCLAIMER present > * Verified (lack of) NOTICE files for bundled ASLv2 code for all but one > case. See next section for the issue. > * Was able to build and run tests > * Ran rat-check > > Now, all of the below should be addressed before your next release. Please > reach out with how/where you track these so I can follow the podling's > progress on the fixes. > > * Re: copying NOTICE from your ASL bundlings: I did find > https://github.com/spring-projects/spring-security/blob/master/notice.txt > which, I believe, your NOTICE file should also be including. (ps this is > from your PasswordComparisonAuthenticator.java file from spring-security). > Was this an omission or am I looking at the wrong version of the > spring-security project from which you copied the file? > * Did you intend for the .idea directory to be included with your > source-release? Some extraneous. > * LICENSE contains unnecessary ASLv2-licensed references. Remove them before > the next release (repeat of Joe) > * Backbone.Marionette LICENSE entry omits Copyright information (as the > others have present) > * ./security-admin/src/main/webapp/libs/bower/esprima/esprima.js is BSD > licensed but does not appear in LICENSE (best as I can tell) > * ./security-admin/src/main/webapp/libs/bower/jquery-ui/css/jquery-ui.css is > MIT licensed an does not appear in LICENSE (best as I can tell) > * Why does hive-agent/derby.log exist? It looks like this is an artifact > created during testing (it doesn't exist in your source tree, and was > created on my build). You should move this into target/ and not distribute > it with your source-release. > * Again, echo'ing Joe, I'm not sure what to say about > ./security-admin/src/main/webapp/fonts. Are they OK to redistribute in this > binary form as a Category-B (what is the source form of a Font? Is this > something to worry about?). > * Why don't the following have ASL headers? > - > ugsync/ldapconfigchecktool/ldapconfigcheck/dependency-reduced-pom.xml > - ./security-admin/src/main/webapp/robots.txt > > Some nit-picky things/recommendations: > > * I would recommend going through your apache-rat-plugin exclusions list and > try to prune out as much as possible. There are a few exclusions which gave > me pause (but do contained licensed files), e.g. '**/bin/**', > '**/test/resources/**'. The rat-plugin should be your friend. > * The MIT License section of your LICENSE file has "MIT License" on every > line which seems unnecessary to me :) > > - Josh > > Velmurugan Periasamy wrote: >> >> Incubator PMC: >> >> Apache Ranger community has voted on and approved a proposal to release >> Apache Ranger 0.6.0 (incubating). >> >> [VOTE RESULT] thread: >> >> https://lists.apache.org/thread.html/c21a99659362bcd2fef0119d9937b9ab245c99400902cf75a7e77910@%3Cdev.ranger.apache.org%3E >> >> Apache ranger-0.6.0-rc1 release candidate is now available with the >> following artifacts up for IPMC vote. I kindly request that the Incubator >> PMC members review and vote on this incubator release. >> >> Git tag for the release: >> https://github.com/apache/incubator-ranger/tree/ranger-0.6.0-rc1 >> Sources for the release: >> >> https://dist.apache.org/repos/dist/dev/incubator/ranger/0.6.0-incubating-rc1/apache-ranger-incubating-0.6.0.tar.gz >> Source release verification: >> PGP Signature: >> >> https://dist.apache.org/repos/dist/dev/incubator/ranger/0.6.0-incubating-rc1/apache-ranger-incubating-0.6.0.tar.gz.asc >> MD5/SHA Hash: >> >> https://dist.apache.org/repos/dist/dev/incubator/ranger/0.6.0-incubating-rc1/apache-ranger-incubating-0.6.0.tar.gz.mds >> Keys to verify the signature of the release artifact are available at: >> https://dist.apache.org/repos/dist/release/incubator/ranger/KEYS >> >> Release Notes: >> >> https://cwiki.apache.org/confluence/display/RANGER/0.6.0+Release+Notes >> Build verification steps can be found at: >> http://ranger.incubator.apache.org/quick_start_guide.html >> >> The vote will be open for at least 72 hours or until necessary number of >> votes are reached. >> [ ] +1 approve >> [ ] +0 no opinion >> [ ] -1 disapprove (and reason why) >> >> Here is my +1 (non binding). >> >> Thank you, >> Vel > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
