Reviewing an Apache Release
Introduction
Once a Release has been staged on http://repository.apache.org it must be reviewed by each PMC member before casting his VOTE.
The following points need to be checked:
- is the GPG signature fine?
- is there a source archive?
- can the source archive really be built?
- is there a correct LICENSE and NOTICE file in each artifact (both source and binary artifacts)?
- does the NOTICE file contain all necessary attributions?
- check the dependencies. We must not have any GPL dependencies and LGPL only if they are optional, etc! See http://www.apache.org/legal/3party.html
- do all the tests work?
- if there is a TCK to run, does it succeed?
- if there is a tag in the SCM, does it contain reproduceable sources?