Abstract

RAT is comprehension and auditing for distributions and source code.

Proposal

RAT will provide a focus for components, applications and integration tools for the comprehension and audit of distributions and source code. It will collect data and meta-data as required. It will create suitable schemas for this data and meta-data as required.

Background

RAT began as an attempt to automate the technical part of reviewing releases in the incubator. Following requests for access from release managers, RAT was developed as an open source project under the Apache License 2.0.

Rationale

Reviewing releases for compliance with Apache technical criteria and policies is time consuming. The Incubator requires that all releases are reviewed. Though small mistakes are common, this process typically adds only a little value. It is common for candidates to be presented with small but significant defects which then must be fixed and the candidate represented. Significant energy and good will is wasted by this process.

This is unnecessary. Given effort, these technical criteria are capable of automation.

Automated continuous checking of the source would allow the Incubator PMC to be alerted promptly to potential issues. Integration with build tools (such as Apache Ant and Apache Maven) would allow releases to be checked automatically and continuously.

Initial Goals

• Read standard license meta-data for documents without license headers
• Improved RAT reporting
• RAT source reporting for major build tools
• Continuous RAT
• RAT analytics: using meta-data to verify rules
  • Apache third party documents policy analysis
  • license compatibility analysis
• Discordia integration to allow distributed binaries to be recognised
• RAT analytic integration for major build tools
• Improved recursive RAT scripts for better analysis of release with many distributables
  

Current Status

Meritocracy

I'm very happy to move from a solo development model towards a collective one as more active developers are recruited.

Community

The RAT community needs to be developed. Having RAT here at Apache will hopefully encourage release managers to take a more active role in developing RAT.

Core Developers

It has been developed principally by myself but with significant contributions of small amounts of code from other Apache members and committers.

Alignment

RAT has found itself becoming a standard part of the Apache release infrastructure. The Incubator needs fully featured release tools. It makes sense to bring the project here.

Known Risks

Orphaned Projects

This is a project with a set of definite goals aimed at serving the wider Apache community. There may well come a time when the coding is actually finished. It has a small set of developers who all have many other calls on their time. The target user audience is relatively small. So, this risk is real.

I think that it's clear that something similar to RAT is required. So, unless another better product is developed, time will be found to push RAT forward. Even if one day, RAT is orphaned then it will have done it's job.

Inexperience With Open Source

The contributors are Apache members or experienced Apache committers.

Reliance On Salaried Developers

I know of no one who's paid to work on RAT.

Relationships with Other Apache Products

RAT contains an Ant reporting plugin. Codehaus hosts a Maven reporting plugin. Analytic plugins for Ant and Maven will be developed. There are overlaps with Tika and there has been some talk of collaboration. The discordia lab will likely be used for license and artifact meta-data. RAT may integrate with Gump for continuous code scanning.

Initial Source

• http://code.google.com/p/arat/source
• http://mojo.codehaus.org/rat-maven-plugin
  

External Dependencies

Compliant with current Apache policy.

Cryptography

Required to check signatures.

Required Resources

Mailing lists:

• rat-private
• rat-dev
• rat-commits
  

Subversion Directory: https://svn.apache.org/repos/asf/incubator/rat

Issue Tracking: JIRA (RAT)

Other Resources: Continuous integration may eventually required hardware

Initial Committers

• Stefan Bodewig <bodewig AT apache.org>
• Robert Burrell Donkin <rdonkin AT apache.org>
• Nodet Guillaume <gnodet AT apache.org>
• Garrett Rooney <rooneg AT apache.org>
• Matthieu Riou <mriou AT apache.org>
• Jochen Wiedmann <jochen AT apache.org>
• Henri Yandell <bayard AT apache.org>
• Karl Pauls <pauls AT apache.org>
  

If any other existing Apache committers would like to be grandfathered into the list then feel free to ask.

Sponsors

Champion

Robert Burrell Donkin

Mentors

Volunteers, please.

• Yoav Shapira <yoavs AT guess >
• Ross Gardler <rgardler AT apache.org>
• Matt Hogstrom <hogstrom AT apache.org>
• Jim Jagielski <jim AT apache.org>
  

I would prefer mentors who have not been involved with RAT. This will allow a more objective perspective. I doubt that supervision will be too great a burden.

Sponsoring Entity

The final destination is still uncertain. If RAT accumulates code then it is possible that a top level project would be appropriate. If RAT pushes code out to other projects then it might make more sense as a subproject of Maven or Gump. If RAT is finished before it creates a viable community then it may make sense as an Incubator subproject.

So I would like to ask the Incubator PMC to sponsor RAT.