You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Every release will be posted onto dist.apache.org, like following as an example:

https://dist.apache.org/repos/dist/dev/incubator/griffin/0.2.0-incubating/

We need to do some verification in our own environment before voting.

Check the filelist

  • CHANGES.txt
  • [project]-source-release.zip
  • [project].pom
  • Signature file.
  • Hash files.

DO NOT provide md5 files.

Download source package and unpack

Download griffin-0.2.0-incubating-source-release.zip from the dist page.

Unpack the zip.

Check the filelist inside

In the directory, check the files exists:

  • LICENSE
  • NOTICE
  • DISCLAIMER

Check the licenses

mvn apache-rat:check

It should be success.

Check the third party licenses

mvn license:add-third-party

It will generate two files:

  • service/target/generated-sources/license/THIRD-PARTY.txt
  • measure/target/generated-sources/license/THIRD-PARTY.txt

Check the two files, make sure the third party packages' licenses are all permitted by Apache.

Licenses in Category X should not be depended on.

Category A
• Can bundle and can depend on
• Don’t add any restrictions above and beyond what the Apache License 2.0 does
• Common licenses include:
Apache License 2.0, Apache License 1.1, 2 or 3 clause BSD (without advertising clause), MIT/X11, W3C, Unicode, CC copyright only, WTF public license
 
Category B
• Can’t include in source release
• Contain some restriction of use
• By using binary form limits chance of corruption
• Common license include:
Common Development and Distribution License (CDDL), Eclipse Public License (EPL), Mozilla Public License (MPL), Creative Common Attribution (CC-A)
 
Category X
• Can’t depend on
• Can’t bundle
• A few exceptions for build tools
• Or optional dependancies
• Common Category X include:
 GPL, LGPL, CC non commercial, JSON, BSD 4 clause, Apache 1.0?


Source compile

mvn clean install

It should be success.


After all the steps above pass, you can be confident to vote +1.

If any problem, you can vote -1 with the reasons.


Some more references: https://events.static.linuxfound.org/sites/events/files/slides/Incubator_ApacheConUS2017.pdf

  • No labels