incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bertrand Delacretaz <bdelacre...@apache.org>
Subject Re: Convenience Binary Policy
Date Thu, 23 Oct 2014 07:11:24 GMT
Hi,

On Thursday, October 23, 2014, Roman Shaposhnik <roman@shaposhnik.org>
wrote:

> ...I understand the need of projects like OO to provide binaries of some
sort,
> I just don't understand why do they have to be 'blessed' by ASF. Once
> source gets built and packaged a whole new set of issues kick in. I don't
> think the foundation is well prepared to deal with those. We might as
> well admit it explicitly...

My understanding is that while we don't make any guarantees about
convenience binaries, and while they are not ASF releases, it is good to be
able to verify that the binary that you got is the one that someone from
the PMC prepared.

So if our PMCs distribute convenience binaries, signing them for example is
a good thing to allow users to verify that they are using what the PMC
built, as opposed to some rogue binary. Signing doesn't mean the binary is
"blessed", it just allows users to verify that they are using what the PMC
intended to distribute.

-Bertrand

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message