Hi Ate, I am trying to resolve the shortcoming you pointed out and i hope you could help me out with some doubts i have. Please see my questions inline. I sure hope i was reading the right release guidelines [1].
> - BLOCKER: none of the *.jar artifacts (including derived build > -javadoc.jar, -sources.jar) contain the required incubator DISCLAIMER file I ve gone through the incubator release guidelines[2] which did not require disclaimer inside the jar. The jar manifest guidelines pointed to [2] which also did not require disclaimer. It says following. So should we include the DISCLAIMER in manifest. I do agree we lack some of the manifest required properties. [TODO: the incubator requires that users are informed that the by including a standard disclaimer. may be include in README, RELEASE_NOTES DISCLAIMER. It is recommended that it is not included in NOTICES ] > > - BLOCKER: the binary distributions LICENSE/NOTICE files are not covering > all bundled external dependencies which have/require separate mentioning, > e.g. like activation-1.1.jar (CDDL license!), jaxen-1.1.1.jar, > logback-*.jar, jibx-*.jar, mex-*.jar, and probably (much) more, I stopped > checking after finding already these. > In general any bundled artifact should be checked proper what license/notice > requirements it needs. For some this can be derived from the jar itself but > many don't have any so they need looking up elsewhere. And even for ASF > provided artifacts this is needed as some have *additional* notices (beyond > the default ASF notice) which then also should be covered/copied in the > project NOTICE file. I also see several edu.indiana provided artifacts > (weps-beans, pegasuswebservice, maybe more) of which it isn't clear to me > if/what license requirements they have. I see xpp3 mentioned in the NOTICE > file, but not these? If the third-party license is Apache compatible or category A in (http://apache.org/legal/3party.html ) , i assume we need not include it? Only category B is required to go to NOTICE file. I assume that is what you meant by the first half of this comment. > > - In addition I see several cryptix-* and jce-* libraries bundled: I suppose > these contain encryption techology/algorithms. I'm not sure if/how these > should be handled and/or require special notices. Possibly not, but I > suggest asking this specifically on general@incubator or check related > documents just to be sure (this is not my expertise). I ve asked for help from incubator general. Thanks for taking time to check all these. [1] http://incubator.apache.org/guides/releasemanagement.html#notes-disclaimer [2]http://commons.apache.org/releases/prepare.html#checkjarmanifest -- Chathura Herath http://people.apache.org/~chathura/ http://chathurah.blogspot.com/
