On Fri, Jun 21, 2013, at 10:14 AM, Ali Lown wrote: > It looks like RC3 will fail at the Incubator vote. (This is both fine > and expected)
Yep. > This also conveniently lets us merge some of the other fixes (for > example the broken translations/eclipse) in for RC4. Okay, but don't absorb *too* many changes. > The main problem seems to (still) be the third_party/* files > (particularly in the source release - I don't know if they are okay to > be included in the 'binary' release). A *source* release must be source only. Third party jars aren't source, so shouldn't be included. They are fine in a binary release. > It looks like the easiest way to handle this is to have them all > downloaded during the get-third-party ant task. That would be a reasonable thing for the build script in the src distribution to do, but so long as there is some way (even manual) for that to happen, I don't see it as an issue. > Some comments were raised about the src/python/api files not being > correctly licensed. Manually inspecting them it appears rat wasn't > complaining because they are all Apache licensed, but we have > 'Licensed under the Apache License' used for some, and (the correct?) > 'Licensed to the Apache Software Foundation' in others. The first would be valid for code written elsewhere, and the latter for code being maintained here. Which are they? > We (may) need to file for an ECCN given we use bouncy-castle. (Is this > only an issue if we include it, if we have it fetched by a separate > task (given the IPMC don't seem to like having the jars shipped with > Wave) is it still a problem?) The ECCN stuff is for 'exporting encryption'. If we release a convenience binary, then as far as the US govt is concerned, we need to do the ECCN stuff. Upayavira
