You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@creadur.apache.org by Robert Burrell Donkin <ro...@blueyonder.co.uk> on 2013/03/26 13:18:44 UTC

Issue with orgapachecreadur-019 [WAS Re: Staging Apache Rat 0.9]

On 03/24/13 18:21, Robert Burrell Donkin wrote:
> On 03/24/13 09:26, Robert Burrell Donkin wrote:
>> On 03/23/13 11:39, Robert Burrell Donkin wrote:
>>> Unless anyone jumps in sometime soon with an issue with the latest[1]
>>> snapshot[2], following the guidelines[3] I hope to cut a 0.9 and upload
>>> it to the staging repository.
>>
>> Hopefully we have lazy consensus on this. I hope to cut this later today.
>
> After a little bit of a battle, I've pushed to staging[1]. Before I move
> on to a VOTE, I hope to take a look using tentacles

Unfortunately, I didn't check that the build for the apache-rat runnable 
uber-jar uses the maven-shade plugin :-( This means that the jar is 
missing NOTICE files for the Apache Licensed dependencies included 
within the jar. Apologies.

All the dependences involved are Apache Software Foundation releases. 
Unless anyone spots something, I can't see this mistake posing a legal 
risk to downstream users.

So, unless anyone jumps in, I'll just go ahead to fix the issue in 
trunk, delete the staging repository and then think about cut another 
candidate.

I'm less sure about the best approach to numbering this new candidate. 
(In the past, I've cut release candidates first. Even with a staging 
repository this would have been sensible.) I lean towards 0.9.1, 
eliminating any risk that two signed 0.9 could escape into the wild.

Opinions? Objections? Suggestions?

Robert

Re: Issue with orgapachecreadur-019 [WAS Re: Staging Apache Rat 0.9]

Posted by Robert Burrell Donkin <ro...@blueyonder.co.uk>.
On 03/26/13 12:18, Robert Burrell Donkin wrote:

<snip>

> Unfortunately, I didn't check that the build for the apache-rat runnable
> uber-jar uses the maven-shade plugin :-( This means that the jar is
> missing NOTICE files for the Apache Licensed dependencies included
> within the jar. Apologies.

The reason why we don't use the shade plugin is that it requires Maven 
3. I'll try a less elegant work around...

Robert

Re: Issue with orgapachecreadur-019 [WAS Re: Staging Apache Rat 0.9]

Posted by Robert Burrell Donkin <ro...@blueyonder.co.uk>.
On 03/28/13 10:17, Robert Burrell Donkin wrote:
> On 03/26/13 20:37, sebb wrote:
>> On 26 March 2013 12:18, Robert Burrell Donkin
>> <ro...@blueyonder.co.uk> wrote:
>
> <snip>
>
>>> I'm less sure about the best approach to numbering this new
>>> candidate. (In
>>> the past, I've cut release candidates first. Even with a staging
>>> repository
>>> this would have been sensible.) I lean towards 0.9.1, eliminating any
>>> risk
>>> that two signed 0.9 could escape into the wild.
>>>
>>> Opinions? Objections? Suggestions?
>>
>> Not sure you need to worry about the files escaping from the staging
>> repo - that's part of the point, they are not yet published files.
>> So long as you delete the repo they won't be published.
>
> Yes, now that the repo has been dropped, escape is unlikely
>
> I'm comfortable with either trying a 0.9 again or cutting a 0.9.1
>
> Is there consensus that trying again to cut a 0.9 release would be the
> best approach?

A good fix turned out to be fiddle, so I committed a workaround[1] for 
the issue. I'm ready to try staging another candidate.

Robert
[1] http://svn.apache.org/viewvc?view=revision&revision=1462047

orgapachecreadur-039 [Re: Staging Another Candidate for Rat 0.9]

Posted by Robert Burrell Donkin <ro...@blueyonder.co.uk>.
On 03/30/13 09:27, Robert Burrell Donkin wrote:
> On 03/29/13 08:58, Robert Burrell Donkin wrote:
>> On 03/28/13 10:17, Robert Burrell Donkin wrote:
>>> On 03/26/13 20:37, sebb wrote:
>
> <snip>
>
>>>> Not sure you need to worry about the files escaping from the staging
>>>> repo - that's part of the point, they are not yet published files.
>>>> So long as you delete the repo they won't be published.
>>>
>>> Yes, now that the repo has been dropped, escape is unlikely
>>>
>>> I'm comfortable with either trying a 0.9 again or cutting a 0.9.1
>>>
>>> Is there consensus that trying again to cut a 0.9 release would be the
>>> best approach?
>>
>> Assuming no one jumps in sometime soon, I'll assume lazy consensus[1]
>> for staging a second Apache Rat 0.9 candidate.
>
> Okay - I plan to cut a second Apache Rat 0.9 candidate now

Done

https://repository.apache.org/content/repositories/orgapachecreadur-039/

Please feel free to take a look. I'll have a poke around, and if it 
looks okay I'll move towards a VOTE tomorrow.

Robert

Re: Staging Another Candidate for Rat 0.9 [WAS Re: Issue with orgapachecreadur-019]

Posted by Robert Burrell Donkin <ro...@blueyonder.co.uk>.
On 03/29/13 08:58, Robert Burrell Donkin wrote:
> On 03/28/13 10:17, Robert Burrell Donkin wrote:
>> On 03/26/13 20:37, sebb wrote:

<snip>

>>> Not sure you need to worry about the files escaping from the staging
>>> repo - that's part of the point, they are not yet published files.
>>> So long as you delete the repo they won't be published.
>>
>> Yes, now that the repo has been dropped, escape is unlikely
>>
>> I'm comfortable with either trying a 0.9 again or cutting a 0.9.1
>>
>> Is there consensus that trying again to cut a 0.9 release would be the
>> best approach?
>
> Assuming no one jumps in sometime soon, I'll assume lazy consensus[1]
> for staging a second Apache Rat 0.9 candidate.

Okay - I plan to cut a second Apache Rat 0.9 candidate now

Robert

Staging Another Candidate for Rat 0.9 [WAS Re: Issue with orgapachecreadur-019]

Posted by Robert Burrell Donkin <ro...@blueyonder.co.uk>.
On 03/28/13 10:17, Robert Burrell Donkin wrote:
> On 03/26/13 20:37, sebb wrote:
>> On 26 March 2013 12:18, Robert Burrell Donkin
>> <ro...@blueyonder.co.uk> wrote:
>
> <snip>
>
>>> I'm less sure about the best approach to numbering this new
>>> candidate. (In
>>> the past, I've cut release candidates first. Even with a staging
>>> repository
>>> this would have been sensible.) I lean towards 0.9.1, eliminating any
>>> risk
>>> that two signed 0.9 could escape into the wild.
>>>
>>> Opinions? Objections? Suggestions?
>>
>> Not sure you need to worry about the files escaping from the staging
>> repo - that's part of the point, they are not yet published files.
>> So long as you delete the repo they won't be published.
>
> Yes, now that the repo has been dropped, escape is unlikely
>
> I'm comfortable with either trying a 0.9 again or cutting a 0.9.1
>
> Is there consensus that trying again to cut a 0.9 release would be the
> best approach?

Assuming no one jumps in sometime soon, I'll assume lazy consensus[1] 
for staging a second Apache Rat 0.9 candidate.

Robert
[1] http://community.apache.org/committers/consensusBuilding.html

Re: Issue with orgapachecreadur-019 [WAS Re: Staging Apache Rat 0.9]

Posted by Robert Burrell Donkin <ro...@blueyonder.co.uk>.
On 03/26/13 20:37, sebb wrote:
> On 26 March 2013 12:18, Robert Burrell Donkin
> <ro...@blueyonder.co.uk> wrote:

<snip>

>> I'm less sure about the best approach to numbering this new candidate. (In
>> the past, I've cut release candidates first. Even with a staging repository
>> this would have been sensible.) I lean towards 0.9.1, eliminating any risk
>> that two signed 0.9 could escape into the wild.
>>
>> Opinions? Objections? Suggestions?
>
> Not sure you need to worry about the files escaping from the staging
> repo - that's part of the point, they are not yet published files.
> So long as you delete the repo they won't be published.

Yes, now that the repo has been dropped, escape is unlikely

I'm comfortable with either trying a 0.9 again or cutting a 0.9.1

Is there consensus that trying again to cut a 0.9 release would be the 
best approach?

Robert

Re: Issue with orgapachecreadur-019 [WAS Re: Staging Apache Rat 0.9]

Posted by sebb <se...@gmail.com>.
On 26 March 2013 12:18, Robert Burrell Donkin
<ro...@blueyonder.co.uk> wrote:
> On 03/24/13 18:21, Robert Burrell Donkin wrote:
>>
>> On 03/24/13 09:26, Robert Burrell Donkin wrote:
>>>
>>> On 03/23/13 11:39, Robert Burrell Donkin wrote:
>>>>
>>>> Unless anyone jumps in sometime soon with an issue with the latest[1]
>>>> snapshot[2], following the guidelines[3] I hope to cut a 0.9 and upload
>>>> it to the staging repository.
>>>
>>>
>>> Hopefully we have lazy consensus on this. I hope to cut this later today.
>>
>>
>> After a little bit of a battle, I've pushed to staging[1]. Before I move
>> on to a VOTE, I hope to take a look using tentacles
>
>
> Unfortunately, I didn't check that the build for the apache-rat runnable
> uber-jar uses the maven-shade plugin :-( This means that the jar is missing
> NOTICE files for the Apache Licensed dependencies included within the jar.
> Apologies.
>
> All the dependences involved are Apache Software Foundation releases. Unless
> anyone spots something, I can't see this mistake posing a legal risk to
> downstream users.
>
> So, unless anyone jumps in, I'll just go ahead to fix the issue in trunk,
> delete the staging repository and then think about cut another candidate.
>
> I'm less sure about the best approach to numbering this new candidate. (In
> the past, I've cut release candidates first. Even with a staging repository
> this would have been sensible.) I lean towards 0.9.1, eliminating any risk
> that two signed 0.9 could escape into the wild.
>
> Opinions? Objections? Suggestions?

Not sure you need to worry about the files escaping from the staging
repo - that's part of the point, they are not yet published files.
So long as you delete the repo they won't be published.

> Robert