Hi,
+0
Considering we use the Work In Progress Disclaimer, I suggest that we
release this version first, and then document these issues and fix
them in a later version. If everyone agrees, I will happily modify my
vote to +1.
I checked:
- incubating in name
- signatures and hashes are fine
-discla
-1 (binding)
Downloaded, checked src-tar contents against git tag [1], checked
LICENSE/NOTICE/README/DISCLAIMER [2], checked signatures/hashes[3], checked for
binaries in src-tar, compiled using OpenJDK 17 and Maven 3.8.1, ran rat.
Everything that I checked looks good. But I’m voting -1 because
Hello Calvin,
It would be great if you can list a few actionable items regarding licensing.
https://github.com/apache/incubator-baremaps/issues/492
I did a pass on almost everything before joining the incubator, and had to
rewrite or find alternatives to all the problematic GPL dependencies. A
Calvin,
You made me think of a license question. With Heron, we kept a separate copy
of all the licenses that were not ALV2 [1]. Is this something that needs to be
done for Baremaps?
1. https://github.com/apache/incubator-heron/tree/master/licenses
- Josh
> On Aug 29, 2023, at 11:04 AM, Cal
I'll find time tomorrow to list specific checks.
BTW, we cannot fully rely on rat to indicate whether the license is compliant.
In addition, regarding the modification of source code dependencies,
we'd better list the specific files in the LICENSE file, otherwise it
is difficult for us to judge whe
On Tue, Aug 29, 2023 at 10:39 PM Josh Fischer wrote:
>
> Right now I’m 0.
>
> I’ve not run across this before, I’m not sure if it’s an issue for the
> release. See gpg output below about the key not being certified. This is
> the reason my vote is 0 at the moment.
> gpg --verify $FILE.asc $FIL
Good to see we are trying to release the first binary version, but
there are some issues with the license. pls follow [1]
[1] https://www.apache.org/legal/release-policy.html#compiled-packages
On Tue, Aug 29, 2023 at 11:04 PM Bertil Chapuis wrote:
>
> Thanks for reporting this. I obviously don’t
Thanks for reporting this. I obviously don’t see this warning ;)
Could this be related to the fact that the KEYS file need to be imported or
trusted?
wget https://downloads.apache.org/incubator/baremaps/KEYS
gpg --import KEYS
My public key is also published here:
https://keys.openpgp.org/search?
Right now I’m 0.
I’ve not run across this before, I’m not sure if it’s an issue for the release.
See gpg output below about the key not being certified. This is the reason my
vote is 0 at the moment.
gpg --verify $FILE.asc $FILE
gpg: Signature made Thu Aug 24 07:11:17 2023 CDT
gpg:
