Hi, I'm mildly irritated, that trivial JARs are considered a problem for the 12.5 release, while a huge pile of files is completely excluded from RAT scanning.
I had a closer look at the JARs come down to this: ---------------------------------------------------------------- ./java/maven/test/unit/data/mavenmock/3.3.1/lib/fake331.jar ./java/maven/test/unit/data/mavenmock/3.0.5/lib/fake305.jar ./java/maven/test/unit/data/mavenmock/4.0.0/lib/fake400.jar ./java/maven/test/unit/data/mavenmock/2.2/lib/fake221.jar - trivial pom.properties + MANIFEST.MF (both text files) ---------------------------------------------------------------- ./java/maven/test/unit/data/mavenmock/source.jar - trivial pom.properties + pom.xml + MANIFEST.MF (all text files) ---------------------------------------------------------------- ./platform/autoupdate.services/test/unit/src/org/netbeans/api/autoupdat e/data/empty.jar - trivial MANIFEST.MF ---------------------------------------------------------------- ./enterprise/payara.common/test/unit/data/nottaDir-4_1_2.jar ./enterprise/payara.common/test/unit/data/subdir/nottaDir-5.0.jar ./enterprise/glassfish.common/test/unit/data/nottaDir-4_1_2.jar ./enterprise/glassfish.common/test/unit/data/subdir/nottaDir-5.0.jar - one byte files ---------------------------------------------------------------- There is IMHO _nothing_ in this, that warrants doubts on the cleanliness of the release. I'll see if I can remove them all all, but for 12.5 IMHO this is out of scope and also unnessary. Greetings Matthias, putting away the zip tool for now Am Samstag, dem 11.09.2021 um 18:34 +0100 schrieb Neil C Smith: > On Sat, 11 Sept 2021 at 17:08, Laszlo Kishalmi > <[email protected]> wrote: > > The only thing bothers me, that there are 5 new jars under > > java/maven/test/unit/data/mavenmock > > > > They are only test data, but they are real jars indeed. It seems that > > one even slipped through the 12.4 phase (I have not checked the jars > > that time.) Introduced in 95d4fd144eabe7dfc07fe7c5e7c8d81e1e26d013 > > They certainly didn't slip through in 12.4, and they're allowable if > they don't contain executable code. Same as a few .zip files we have. > They were checked for that - it's even the reason for my comments on > this legal thread at the time > https://lists.apache.org/thread.html/rcddc30dd1f0c7f20709e09de7202d4d6885d6235a7fce1c1ab46e4ed%40%3Clegal-discuss.apache.org%3E > > Mentioning here as you (or anyone else) might want to review and > verify they're allowable in voting. > > > It might be not a show stopper, but we have to take a remedy action that > > these jars would be generated from real source during build time in the > > next release. > > Real source might be a moot point, but whether the .jar and .zip files > we have should be generated is probably worth some thought, as > archives in general make reviewing more difficult (mentioned by others > in same legal thread above). That bit is a discussion we should move > off the vote thread though. > > Best wishes, > > Neil > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > For further information about the NetBeans mailing lists, visit: > https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
