David Jencks ha scritto: > > On Jun 14, 2009, at 11:06 AM, Norman Maurer wrote: > >> Hi guys, >> >> here is the VOTE for release jSPF 0.9.7. Please cast your VOTE after >> review: >> >> http://people.apache.org/~norman/staging-repository/org/apache/james/jspf/apache-jspf/0.9.7/ >> > > I'm confused by a few things. > > I'm really confused by the two LICENSE files and two NOTICE files. Not > being a lawyer I think I'd have to consult one before considering using > the product. I'm not sure how anyone could figure out which file > applies to the product.
This is how most James releases are distributed. Maybe the LICENSE.apache file is only needed by projects using ANT, but Robert can probably give a better answer. Maybe we can remove the NOTICE.base and LICENSE.apache as long as we don't have ant support. > My understanding of apache policy is that the legal files are supposed > to describe and apply to exactly what is in the artifact that contains > them. I didn't do a complete search but suspect from the language that > the larger LICENSE and NOTICE files also include information about > dependencies such as junit that are not actually redistributed. The > notice file also has some "thanks for the inspiration" notes that don't > seem to me appropriate for the NOTICE file. Again, its only my > impression of apache policy, but I think the NOTICE file is supposed to > be as short as possible and only include the standard apache notice and > anything legally required by external code that is actually included in > the artifact. We discussed it also on legal-discuss. THe policy is to describe ikn NOTICE and LICENSE exactly what we have in each distro but most projects don't do this and doing so would be a PITA, so it is acceptable to have a NOTICE/LICENSE that include more that what is required. > The BUILDING.txt and README.txt don't have apache license headers. I'm > really not sure if they are required to, but adding them removes all > questions from sticklers like me :-) Ok, but minor. > On a much less important subject, it looks like you have a maven build > but I don't see a maven repo structure in the staging area that includes > the actual jars. Is there a plan to deploy the jars to maven central? > I guess looking closer there's a private svn repo in stage so deploying > the jars is not a good idea since the dependencies must not be in > central. Since this is a somewhat unusual way to use maven it might be > helpful to explain it in the BUILDING file and note that for this reason > neither snapshots nor releases should be deployed to public maven repos. Stage and JAMES projects' usage of m2 is a PITA, but I don't get why we can't publish artifacts to public maven repos. In public maven repositories there is any sort of "chaos", I don't know of any rule/restriction saying we can't publish an artifact having dependencies on artifacts that are not on the same repository. > I think it might be a good idea to fix the legal files content and make > sure only one LICENSE and one NOTICE file are present. I'd make this > into more of a standard up to date maven project but that is a matter of > taste. I'm fine with most suggestions, but I think none of them is blocking. Most of Apache JAMES released artifacts till today have the same issues. JIRAs can be filed in order to have some of them considered for 0.9.8. Stefano --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org
