celix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pepijn Noltes <pepijnnol...@gmail.com>
Subject Re: [VOTE] Release Celix version 1.0.0.incubating
Date Tue, 28 Jan 2014 19:08:44 GMT
Hi Roman,

Could you have a look at the comments of Alexander? I known I'm pushing a
bit, but we are hoping to get the release ready :).


On Fri, Jan 24, 2014 at 12:11 PM, Alexander Broekhuis <a.broekhuis@gmail.com
> wrote:

> Hi Roman,
>
> See my remarks inline below. I hope this gives you enough confidence to
> sign this release off.
>
> 2014/1/24 Roman Shaposhnik <rvs@apache.org>
>
> > I know that some of the items are nits, but if we are to
> > re-cut an RC for Boost reasons -- I'd suggest we may
> > as well take care of them
> >
>
> The way I read [2], there is no need to add anything to the notice file at
> all. All third party sources we use have a header with the respective
> license information. At [2] it is even explicitly mentioned not to add
> anything unless legally required.
>
> "Do not add anything to NOTICE which is not legally required."
>
> So I don't see a reason why a new release is needed for Boost.
>
>  >
> > > The checksum has been created with the command mentioned on the Apache
> > > Signing Releases page [1]. I don't see what is wrong with this.
> >
> > There was an old discussion on that some time ago. Basically
> > the problem boils down to a fact that I can't verify it with shasum(1)
> > and thus can't sign off on it.
> >
>
> This was indeed an old discussion, but there has never been reached a
> consensus, and as stated before, I've explicitly used the method described
> on the Apache pages, which uses the gpg tooling to verify a checksum.
> Instead of using shasum, you can simply use gpg --print-md "filename".
>
> If all I do is follow the official Apache document then what am I doing
> wrong?
>
> I've had some discussion with Marcel on this topic as well, and in some
> other project where Marcel is involved, they use a script to compare the
> checksums. A similar solution might be implemented for Celix as well, I
> don't mind adding this to the backlog.
>
>
> >
> > >>    * it would be nice to have version embedded into the name of the
> top
> > >>      level dir inside of the tarball
> > >>
> > >
> > > We have decided to leave it out since else there would always be an
> issue
> > > with the BUILDING instructions and the default directory. This was a
> > remark
> > > by someone on the first (0.0.1) release where we did have the version
> in
> > > the top-level directory.
> >
> > Hm. I'm just curious -- was there a thread on this one?
> >
>
> This was a remark made by Marcel on our first release. See [3] for his
> message/the release thread.
>
>
>
> >
> > >>    * boost license is missing in NOTICES
> > >>
> > >
> > > Why should the boost license be in the NOTICES file? There have been a
> > lot
> > > of discussions on this file, and my understanding always has been that
> > if a
> > > license is in a header it is not needed to add it to the NOTICES file.
> >
> > I honestly don't recall this. Care to point a thread?
> >
>
> I can't find the thread, but [2] gives a good explanation.
>
>
> >
> > Thanks,
> > Roman.
> >
>
>
> [1]: http://www.apache.org/dev/release-signing#sha-checksum
> [2]: http://www.apache.org/dev/licensing-howto.html#mod-notice
> [3]: http://incubator.markmail.org/thread/ot7cwepmcusdblqs
>
> --
> Met vriendelijke groet,
>
> Alexander Broekhuis
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message