On Tue, Feb 16, 2010 at 5:28 PM, Bertrand Delacretaz <[email protected] > wrote:
> Hi, > > On Mon, Feb 15, 2010 at 4:05 PM, Richard Hirsch <[email protected]> > wrote: > > ...The candidate can be found at: > > > > http://people.apache.org/~rhirsch/esme/<http://people.apache.org/%7Erhirsch/esme/> > > Unfortunately I'm -1 on the release, I have a few issues including a > GPL dependency. > > 1) jwebunit dependency is GPL > The server module depends on > > net.sourceforge.jwebunit:jwebunit-htmlunit-plugin:jar:1.4.1:test > > which according to http://jwebunit.sourceforge.net/license.html is GPL. > > 2) The sha1 digest does not match, did I do something wrong? > > $ openssl sha1 apache-esme-incubating-1.0-src.tar.gz > SHA1(apache-esme-incubating-1.0-src.tar.gz)= > a9ec8d95266d5944d493392a06eb1651c03222f1 > > $ cat apache-esme-incubating-1.0-src.tar.gz.sha > apache-esme-incubating-1.0-src.tar.gz: A53494C8 55474CE3 5AC20516 C2448CB6 > 64B3B76C 747BA64A FFC9A836 EDAB8D86 > 4E0735CC AA29ACA9 07767C58 D1C0FEDA > CA7E73A3 ADA3944D 464314B2 4BE0E476 > > 3) mvn dependency:analyze of the server module shows lots of unused > declared dependencies, those should be cleaned up, especially > openDMK:jdmkrt:jar which according to https://opendmk.dev.java.net/ is > either GPL or CDDL license. Not sure which parts of OpenDMK are which > license, but as it's unused better remove it. > > 4) When trying to build esme-java-client with "mvn clean install" I > get "Embedded error: Error while executing the external compiler" if > JAVA_HOME is not set. > > 5) apache-esme-incubating-1.0-src.tar.gz contains .svn folders, it > should not have that. You could have created the release using svn > export of > http://svn.apache.org/repos/asf/incubator/esme/tags/apache-esme-1.0-incubating/ > to avoid that. > How do you create the release without the SVN info? I tried with SVN export via SVNTortoise and still got the SVN info. > > 6) I couldn't find license information for the > com.twitter:stats:jar:1.3:compile dependency, was that checked to be > ok? > Here are the current unknowns: Unnamed - com.twitter:json:jar:1.1, Unnamed - com.twitter:stats:jar:1.3, Unnamed - com.twitter:xrayspecs:pom:1.0.4, Unnamed - javax.servlet:servlet-api:jar:2.5, Unnamed - net.lag:configgy:jar:1.4 configgy : http://github.com/robey/configgy with a Apache 2.0 license for the com.twitter.* jars there is no license information available and it looks like the developer has created a new git project with Apache 2.0 license: http://github.com/robey/ostrich. We'll move to it next release. > > Sorry that I didn't have time to look at that during the ESME podling vote. > > Apart from the GPL dependency the release preparation looks mostly ok, > rat reports are good, license/notice are provided, etc. > > -Bertrand >
