Thanks for replying Steve - I see what you mean about dependencies, hadn't thought about that.
When I did `coho verify-archive` I got "gpg: WARNING: This key is not certified with a trusted signature!". I guess this is ok, but is there any way to address the warning? On 8/13/15, 2:47 PM, "Steven Gill" <stevengil...@gmail.com> wrote: >Audit license headers is the important one. > >At the end of the day, we aren't shipping any of our dependencies. They >are >all downloaded by our users. We can contact module authors who don't have >license listed to get them to list one. > >-Steve > >On Thu, Aug 13, 2015 at 5:40 AM, Homer, Tony <tony.ho...@intel.com> wrote: > >> I'm trying to validate the tools release. >> I'm following the instructions[1], but I haven't used coho before and am >> not sure about the results. >> >> `coho audit-license-headers -r js -r lib -r cli -r plugman` >> The doc warns that audit-license-headers has false positives, so I'm >> ignoring the following results: >> ./appveyor.yml >> ./tasks/vendor/commonjs-tests/* >> ./tasks/vendor/jasmine/* >> ./spec-cordova/* >> ./spec-plugman/* >> ./src/plugman/help.txt >> Are these are all false positives? >> If yes, I think the audit-license-headers results are ok. >> >> `coho check-license -r tools` >> I got a lot of results so I started adding what I think are false >> positives to the license filter: >> "ISC","Public Domain","WTFPL","ASF","Unlicense","Artistic-2.0" >> I also updated to nlf 1.3.2 in order to get nicer output and a fix for >>the >> single license under licenses bug [2]. >> I still get 88 results for packages with no license entry in >>package.json. >> (plus xmldom, which has a syntax error in the license entry but has an >> Apache-compatible license) >> >> Are "ISC","Public Domain","WTFPL","ASF","Unlicense","Artistic-2.0" all >> Apache-compatible? >> Are packages with no license entry ok - any additonal action required? >> Should I submit a PR to add the additional license strings to the filter >> and update nlf? >> >> [1] >> >>https://github.com/apache/cordova-coho/blob/master/docs/tools-release-pro >>cess.md#test >> [2] https://github.com/iandotkelly/nlf/pull/22 >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org >> For additional commands, e-mail: dev-h...@cordova.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@cordova.apache.org For additional commands, e-mail: dev-h...@cordova.apache.org
