-1. I notice at least a couple issues with license files. I used "meld" on 3.4.14 to compare it to 3.4.13.
in "lib" directory * the file "jline-0.9.94.LICENSE.txt" has gone missing (and there is no license file within the jar itself) * jsr305 and spotbugs-annotations jars have been added. Neither of those files have license files included in the tar, nor are they in the jar. In particular when I look at jsr305 I see a potential issue including it at all, see some of the jiras here: http://bit.ly/2Xl7aSn notice that hbase, giraph, and others have removed this library. It's not clear, e.g. https://github.com/findbugsproject/findbugs/issues/128 whether this can be included based on the limited research I've done so far. (I didn't look into spotbugs-annotations license situation at all) Do we need to include these libraries at all in the production release? (they are just used for specific testing modes, no?) If so are there any requirements wrt updating the notice file. Please use "meld" to review further - afaict I got them all but it would be good for someone to explicitly check. Do we know why the tars are significantly different sizes? (nearly 10%) -rw-r--r-- 1 phunt staff 37191810 Jul 15 2018 zookeeper-3.4.13.tar.gz -rw-r--r--@ 1 phunt staff 39105474 Feb 23 12:55 zookeeper-3.4.14.tar.gz Is it also expected that the number of files included has dropped dramatically? [phunt:~/Downloads/z/zookeeper-3.4.13] $ find . |wc -l 2023 [phunt:~/Downloads/z/zookeeper-3.4.14] $ find . |wc -l 1782 Patrick On Wed, Feb 20, 2019 at 8:08 AM Andor Molnar <an...@apache.org> wrote: > This is a bugfix release candidate for 3.4.14. It fixes 8 issues, mostly > build / unit tests issues, > dependency updates flagged by OWASP, NPE and a name resolution problem. > Among these it also supports > experimental Maven build and Markdown based documentation generation. > > The full release notes is available at: > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310801&version=12343587 > > *** Please download, test and vote by February 24th 2019, 23:59 UTC+0. *** > > Source files: > https://dist.apache.org/repos/dist/dev/zookeeper/zookeeper-3.4.14-rc3/ > > Maven staging repo: > > https://repository.apache.org/content/groups/staging/org/apache/zookeeper/zookeeper/3.4.14/ > > The release candidate tag in git to be voted upon: release-3.4.14-rc3 > > ZooKeeper's KEYS file containing PGP keys we use to sign the release: > http://www.apache.org/dist/zookeeper/KEYS > > Should we release this candidate? > > Regards, > Andor > > >
