Reviewing an Apache Release

Once a Release has been staged on it must be reviewed by each PMC member before casting his VOTE.

The following points need to be checked:

  • is the GPG signature fine?

  • is there a source archive?

  • can the source archive really be built?

  • is there a correct LICENSE and NOTICE file in each artifact (both source and binary artifacts)?

  • does the NOTICE file contain all necessary attributions?

  • check the dependencies. We must not have any GPL dependencies and LGPL only if they are optional, etc! See

  • do all the tests work?

  • if there is a TCK to run, does it succeed?

  • if there is a tag in the SCM, does it contain reproduceable sources?