Every release will be posted onto dist.apache.org, like following:
https://dist.apache.org/repos/dist/dev/incubator/griffin/0.2.0-incubating/
We need to do some verification in our own environment before voting.
Check the filelist
- CHANGES.txt
- [project]-source-release.zip
- [project].pom
- Signature file.
- Hash files.
DO NOT provide md5 files.
Download source package and unpack
Download griffin-0.2.0-incubating-source-release.zip from the dist page.
Unpack the zip.
Check the filelist inside
In the directory, check the files exists:
- LICENSE
- NOTICE
- DISCLAIMER
Check the licenses
mvn apache-rat:check
It should be success.
Check the third party licenses
mvn license:add-third-party
It will generate two files:
- service/target/generated-sources/license/THIRD-PARTY.txt
- measure/target/generated-sources/license/THIRD-PARTY.txt
Check the two files, make sure the third party packages' licenses are all permitted by Apache.
Licenses in Category X should not be depended on.
Category A • Can bundle and can depend on • Don’t add any restrictions above and beyond what the Apache License 2.0 does • Common licenses include: Apache License 2.0, Apache License 1.1, 2 or 3 clause BSD (without advertising clause), MIT/X11, W3C, Unicode, CC copyright only, WTF public license Category B • Can’t include in source release • Contain some restriction of use • By using binary form limits chance of corruption • Common license include: Common Development and Distribution License (CDDL), Eclipse Public License (EPL), Mozilla Public License (MPL), Creative Common Attribution (CC-A) Category X • Can’t depend on • Can’t bundle • A few exceptions for build tools • Or optional dependancies • Common Category X include: GPL, LGPL, CC non commercial, JSON, BSD 4 clause, Apache 1.0?
Source compile
mvn clean install
It should be success.
After all the steps above passes, you can be confident to vote +1.
If any problem, you can vote -1 with the reasons.