incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henry Saputra <>
Subject Re: [VOTE] Release of Apache Phoenix 2.2.3 incubating
Date Mon, 24 Feb 2014 18:20:07 GMT
Hi Andrew,

Are you saying it is ok to contain compiled executed binaries if they
were signed?

There had been long discussion in general@ list about what should be
contained in release artifacts (with 0.8.1 Spark release) and I
believe the conclusion was to avoid executable binaries in the source
release artifacts.

- Henry

On Mon, Feb 24, 2014 at 10:11 AM, Andrew Purtell <> wrote:
> Hi Sebb,
> On Sat, Feb 22, 2014 at 2:19 AM, sebb <> wrote:
>> I've had a quick look at the (sole) archive, and it contains both
>> source and compiled jars.
>> Although it is OK to release convenience binaries, there must be a
>> source only release, as that is the ASF mission - to release open
>> source.
> The "what must every release contain" doc says:
> Every ASF release *must* contain a source package, which must be sufficient
> for a user to build and test the release provided they have access to the
> appropriate platform and tools. The source package must be cryptographically
> signed <> by the Release
> Manager with a detached signature; and that package together with its
> signature must be tested prior to voting +1 for release.
> We can mentor the podling to produce a separate source only tarball, but
> this might be a point of confusion, because the candidate tarball here
> conforms to the above language, I have personally built and tested this
> release from the properly signed tarball. It is a source tarball also
> containing compiled binaries.
> --
> Best regards,
>    - Andy
> Problems worthy of attack prove their worth by hitting back. - Piet Hein
> (via Tom White)

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message