On 4 Feb 2013, at 09:26, Paul Sharples wrote: > On 03/02/2013 16:03, Scott Wilson wrote: >> Thanks Paul, I just downloaded them all and tried them out. >> >> Standalone >> ========= >> Verified signature: good! >> Untars fine, with right folder name. >> LICENSE looks OK >> NOTICE: possible problem with Santuario (see below) >> sh startup.sh: works fine >> >> War >> === >> Verified signature: good! >> Untars fine, with right folder name. >> LICENSE looks OK >> NOTICE: possible problem with Santuario (see below) >> Running: followed instructions, and it works fine using MySQL 5.1 + Tomcat >> 7.0.35 >> >> Src >> === >> Verified signature: good! >> Untars fine, with right folder name. >> LICENSE looks OK >> NOTICE looks OK >> ant run: works fine >> >> ==== >> I just had a look at Santuario, and it has a NOTICE[1] - doesn't this text >> need to be reproduced in the Wookie NOTICE for the standalone binary? If so >> we need to append it to the war and standalone NOTICE and rebuild these >> artefacts. >> >> This doesn't affect the src distribution. > > I'd assumed that because Santuario fell under the Apache 2.0 licence we > didn't need it. However I'm not sure.
I'm going to assume that we do need to do this, but that this only affects the binaries. I suggest that we re-package and stage the binaries with a modified NOTICE including XmlSec. Let me know when the binaries are updated and I'll review them again. > > Paul > >> >> S >> >> [1] >> http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/NOTICE?view=markup >> >> On 1 Feb 2013, at 09:36, Paul Sharples wrote: >> >>> Discussion thread for the vote on the 0.13.0 release candidate. >>> >>> For more information on the release process, checkout - >>> http://www.apache.org/dev/release.html >>> >>> Some of the things to check before voting are: >>> - can you run the demo binaries >>> - can you build the contents of source-release.zip and svn tag >>> - do all of the staged jars/zips contain the required LICENSE and NOTICE >>> files >>> - are all of the staged artifacts signed and the signature verifiable >>> - is the signing key in the project's KEYS file and on a public server >>> >
PGP.sig
Description: This is a digitally signed message part
