Just wanting to share concern about a couple of things: 1) Using Cobertura. It's reports are GPL. 2) Including sites in downloads.
If we have a component with Cobertura turned on, and with the site included in the distribution, then things are very unhappy. Findbugs doesn't seem to be the same issue - it's LGPL, but the reports don't appear to contain any LGPL JavaScript. Currently we have Cobertura in: commons-sandbox-parent/pom.xml dbcp/pom.xml io/pom.xml jci/pom.xml jexl/pom.xml lang/pom.xml math/pom.xml betwixt/project.xml codec/project.xml collections/project.xml collections_jdk5_branch/project.xml configuration/project.xml dbcp/project.xml io/project.xml lang/project.xml math/project.xml primitives/project.xml validator/project.xml Looking at upcoming releases, IO does not distribute the site and FileUpload does but doesn't have any suspicious looking reports. Do we want to play it safe and either not include Cobertura (and other reports with similar problems), or not have downloaded sites? Or keep it as it is and make this something we have to look at on every RC check? Hen --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
