Posted to general@incubator.apache.org by Eric Friedrich <fr...@apache.org> on 2016/11/01 16:30:00 UTC

Release License Audit

Many of the release guidelines mention a license audit of the released
source files.

Are there any particular requirements as to how this audit is performed?


Can the audit be done manually?

I've seen references to using the Apache RAT tool. Is this use required or
just a suggestion?

How do other podlings typically handle this requirement?

Thanks,
Eric

Re: Release License Audit

Posted by Stian Soiland-Reyes <st...@apache.org>.
Apache RAT helps a lot - at least to find files which haven't got a
license header - but also manual grep for "Copyright", "License",
"GPL" etc.  Some of these will require you to update your LICENSE or
NOTICE files.

Then you would have to go through binary files and check their origin,
e.g. PNGs for toolbar buttons.


A second item is to check the dependencies your code depends on, here
the Maven dependency plugin and Maven License pluginS (there are two)
will help you somewhat. Usually there are some <dependencies> which
didn't bother to put a <license> to their pom.xml, those would have to
be checked manually.

If you do binary releases that include third-party libraries, then
that release would need its own augmented LICENSE/NOTICE to cover the
libs.


If it's a larger project, then to keep track of this for a podling it
might be good to do a wiki page or two and raise Jira issues to track
those files you are not quite sure of.

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
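
Added example, not part of the original thread and not Apache RAT: a shell function that runs the manual checks described in the reply above (files without a license header, "Copyright"/"GPL" mentions, and binary files whose origin needs checking). The function name `license_audit`, the header strings it accepts and the 30-line window are assumptions.

```sh
#!/bin/sh
# First-pass license audit over an unpacked source release.
# Prints one tab-separated finding per line: CATEGORY<TAB>path

# Assumption: either opening phrase of the standard ASF source header counts.
HEADER_RE='Licensed (to the Apache Software Foundation|under the Apache License)'
# Strings worth a manual look; they may require LICENSE/NOTICE updates.
REVIEW_RE='GPL|[Cc]opyright'

license_audit() {
    root=$1
    find "$root" -type f ! -path '*/.git/*' | sort | while IFS= read -r f; do
        # The license documents themselves are not audited for headers.
        case ${f##*/} in LICENSE*|NOTICE*) continue ;; esac
        [ -s "$f" ] || continue            # empty files carry nothing to license

        # grep -I (GNU and BSD grep) treats binary files as non-matching, so a
        # failed match on a non-empty file means "binary": check its origin by hand.
        if ! grep -Iq '' "$f"; then
            printf 'BINARY\t%s\n' "$f"
            continue
        fi

        # A header is expected near the top of the file (assumed: first 30 lines).
        if ! head -n 30 "$f" | grep -Eq "$HEADER_RE"; then
            printf 'NO-HEADER\t%s\n' "$f"
        fi

        # Third-party copyright or GPL mentions anywhere in the file.
        if grep -Eq "$REVIEW_RE" "$f"; then
            printf 'REVIEW\t%s\n' "$f"
        fi
    done
    return 0
}

# Usage: license_audit path/to/unpacked-release
```

Every line it prints is a candidate for manual review, not a verdict; dependency licenses still have to be checked separately.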


Re: Release License Audit

Posted by Craig Russell <cr...@oracle.com>.
Hi Eric,

> On Nov 1, 2016, at 9:30 AM, Eric Friedrich <fr...@apache.org> wrote:
> 
> Many of the release guidelines mention a license audit of the released
> source files.
> 
> Are there any particular requirements as to how this audit is performed?

No. The requirement is that all files be examined to determine if a license notice is needed, and if so, that the proper license is included in the proper place.

This is a bit time-consuming and most projects find that tooling is the best way to do it.
> 
> 
> Can the audit be done manually?

Yes.
> 
> I've seen references to using the Apache RAT tool. Is this use required or
> just a suggestion?

Just a strong suggestion.
> 
> How do other podlings typically handle this requirement?

Most that I know of set up RAT to run on a regular basis, so problems can be caught early.

Regards,

Craig
> 
> Thanks,
> Eric

Craig L Russell
clr@apache.org


