celix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Broekhuis <a.broekh...@gmail.com>
Subject Re: [VOTE] Release Celix version 1.0.0.incubating
Date Fri, 24 Jan 2014 11:11:05 GMT
Hi Roman,

See my remarks inline below. I hope this gives you enough confidence to
sign this release off.

2014/1/24 Roman Shaposhnik <rvs@apache.org>

> I know that some of the items are nits, but if we are to
> re-cut an RC for Boost reasons -- I'd suggest we may
> as well take care of them
>

The way I read [2], there is no need to add anything to the notice file at
all. All third party sources we use have a header with the respective
license information. At [2] it is even explicitly mentioned not to add
anything unless legally required.

"Do not add anything to NOTICE which is not legally required."

So I don't see a reason why a new release is needed for Boost.

 >
> > The checksum has been created with the command mentioned on the Apache
> > Signing Releases page [1]. I don't see what is wrong with this.
>
> There was an old discussion on that some time ago. Basically
> the problem boils down to a fact that I can't verify it with shasum(1)
> and thus can't sign off on it.
>

This was indeed an old discussion, but there has never been reached a
consensus, and as stated before, I've explicitly used the method described
on the Apache pages, which uses the gpg tooling to verify a checksum.
Instead of using shasum, you can simply use gpg --print-md "filename".

If all I do is follow the official Apache document then what am I doing
wrong?

I've had some discussion with Marcel on this topic as well, and in some
other project where Marcel is involved, they use a script to compare the
checksums. A similar solution might be implemented for Celix as well, I
don't mind adding this to the backlog.


>
> >>    * it would be nice to have version embedded into the name of the top
> >>      level dir inside of the tarball
> >>
> >
> > We have decided to leave it out since else there would always be an issue
> > with the BUILDING instructions and the default directory. This was a
> remark
> > by someone on the first (0.0.1) release where we did have the version in
> > the top-level directory.
>
> Hm. I'm just curious -- was there a thread on this one?
>

This was a remark made by Marcel on our first release. See [3] for his
message/the release thread.



>
> >>    * boost license is missing in NOTICES
> >>
> >
> > Why should the boost license be in the NOTICES file? There have been a
> lot
> > of discussions on this file, and my understanding always has been that
> if a
> > license is in a header it is not needed to add it to the NOTICES file.
>
> I honestly don't recall this. Care to point a thread?
>

I can't find the thread, but [2] gives a good explanation.


>
> Thanks,
> Roman.
>


[1]: http://www.apache.org/dev/release-signing#sha-checksum
[2]: http://www.apache.org/dev/licensing-howto.html#mod-notice
[3]: http://incubator.markmail.org/thread/ot7cwepmcusdblqs

-- 
Met vriendelijke groet,

Alexander Broekhuis

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message