incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luciano Resende <>
Subject Re: binary release artifacts
Date Mon, 23 Sep 2013 22:42:08 GMT
On Mon, Sep 23, 2013 at 2:23 PM, Marvin Humphrey <>wrote:

> On Mon, Sep 23, 2013 at 1:45 PM, Luciano Resende <>
> wrote:
> > Thanks for the summary Marvin,  how about we take the chance to update
> our
> > policy/documentation to clarify the social norm regarding placement of
> > LICENSE/NOTICE in the top level of a distribution but also clarify that,
> > any artifact being release by an Apache Project should be reviewed and
> > voted, as there were some suggestions on this thread that this was not
> the
> > case. If we can't clarify that on ASF level, at least we can clarify that
> > on the IPMC level.
> I understand the motivation, but I'm actually in favor of keeping the
> status
> quo.
> As Joe Schaefer pointed out, the VOTE only applies to the canonical source
> release.  Binary artifacts cannot be official releases of the ASF, and the
> IPMC cannot override that policy.
Is there any written policy that states that ? I have never heard that the
ASF can't have binary artifacts as official releases ?

Also, from Joe's message, I think he was mentioning what is done in the
context of HTTPD, not necessarily stating a policy or the social norm here
at Apache.

> Additionally, we still have a lot of work to do to squash licensing
> documentation bugs in our canonical source releases.  When we can't even
> get
> our official releases right, I don't think it makes sense to dilute our
> already thin quality control resources.
> Marvin Humphrey
The issue I see, particularly when evaluating maven based java source
releases (no binaries at all), is that the a lot of the dependencies for a
project might be transient making much harder and much more work to
evaluate a source only release. While reviewing a binary release, you have
listed all the binary dependencies and all it's associated license, making
the review process much simpler, allowing the reviewer to concentrate on
making sure the dependencies are allowed, no specific jars got unaccounted
on the license/notice, etc...


Luciano Resende

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message