...
- Check if checksums and GPG files match the corresponding release files
- Verify that the source archives do not contains any binaries
- Verify that the LICENSE and NOTICE file is correct for the source release.
- All dependencies must be checked for their license and the license must be ASL 2.0 compatible (http://www.apache.org/legal/resolved.html#category-x)
- Compatible non-ASL 2.0 licenses should be contained in the
packaged
-_licenses
directory of the respective module - The LICENSE and NOTICE files in the root directory refer to dependencies in the source release, i.e., files in the git repository (such as fonts, css, JavaScript, images)
- Check that all POM files point to the same version
...