...

  • You need to ensure that all source code and binaries that Flink distributes were either developed by Flink or are under a compatible license, and that we are fulfilling all requirements of these licenses. It is impractical to manually check all dependencies, code and binaries for every release.
  • We recommend:
    • Checking all pom.xml changes between the release candidate and the last release, and then checking whether the NOTICE files have been touched (if necessary because of shading)
    • Checking the NOTICE file contents if possible. For a specific module whose dependency has changed in this release:
      • Run "mvn package -DskipTests -pl <module> | grep -i Including". This filters out output lines such as "[INFO] Excluding commons-codec:commons-codec:jar:1.15 from the shaded jar." and keeps only the "Including" lines.
      • The remaining lines give you the list of dependencies that get shaded in. Some dependencies state their license in their pom.xml file, which you can find in the local Maven repository under the given dependency. If not, you can always find the license type on a Maven repository site, for example https://mvnrepository.com/artifact/com.google.api-client/google-api-client-jackson2/1.32.2
    • Checking all (or a sample of) jars in the staging repository and Flink distribution: Are shaded or bundled jars mentioned in the NOTICE file?
      • Check using "jar tf <jar file> | grep" or "jar tf <jar file> | less"
    • Checking all (or a sample of, or changes of) non-Java-source-code files (such as build setup, documentation, javascript, ...).
      • Their license needs to be mentioned properly
      • Requirements from their licenses need to be fulfilled (NOTICE file forwards, copyright owner mentions, ...)
      • We need to make sure we did everything correctly with copied code
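
The NOTICE check described above can be scripted. The following is an added example, not part of the original page or of Flink's own tooling: it extracts the "Including" lines from a Maven build log and reports every shaded-in dependency the NOTICE file does not mention. It assumes the NOTICE file lists bundled dependencies as groupId:artifactId:version tokens; the function names and the sample log and NOTICE contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Flink project): report shaded-in dependencies
# that a module's NOTICE file does not mention.

# Read a Maven build log on stdin and print groupId:artifactId:version for
# each maven-shade-plugin "Including" line; "Excluding" lines are skipped.
shaded_coords() {
  awk '$1 == "[INFO]" && $2 == "Including" {
         n = split($3, p, ":")   # g:a:type:version or g:a:type:classifier:version
         if (n >= 4) print p[1] ":" p[2] ":" p[n]
       }' | sort -u
}

# Read coordinates on stdin; print those absent from the NOTICE file "$1".
# Assumption: NOTICE entries are whitespace-separated g:a:version tokens.
# Matching is on whole tokens, so 1.1 is not satisfied by an entry for 1.15.
missing_from_notice() {
  awk -v notice="$1" '
    BEGIN {
      while ((getline line < notice) > 0) {
        n = split(line, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) listed[tok[i]] = 1
      }
    }
    !($0 in listed)'
}

# Constructed sample data: a build-log excerpt and a NOTICE excerpt.
demo() {
  dir=$(mktemp -d) || return 1
  cat > "$dir/build.log" <<'EOF'
[INFO] Including com.google.guava:guava:jar:30.1.1-jre in the shaded jar.
[INFO] Excluding commons-codec:commons-codec:jar:1.15 from the shaded jar.
[INFO] Including com.google.api-client:google-api-client-jackson2:jar:1.32.2 in the shaded jar.
[INFO] Including org.example:native-lib:jar:linux-x86_64:2.0 in the shaded jar.
EOF
  cat > "$dir/NOTICE" <<'EOF'
This project bundles the following dependencies under the Apache Software License 2.0.

- com.google.guava:guava:30.1.1-jre
- org.example:native-lib:2.0
EOF
  shaded_coords < "$dir/build.log" | missing_from_notice "$dir/NOTICE"
  rm -rf "$dir"
}

demo   # prints com.google.api-client:google-api-client-jackson2:1.32.2
```

For a real module, pipe the output of "mvn package -DskipTests -pl <module>" into shaded_coords and pass the module's NOTICE file to missing_from_notice.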

...