incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <>
Subject Re: [PROPOSAL][VOTE] Subversion
Date Tue, 10 Nov 2009 18:35:33 GMT
Branko ─îibej wrote:
> Wait a minute. Are you implying that the "project" *should* release
> binaries? Wouldn't such a requirement apply to, say, APR, to keep this
> close to home?


Greg pointed out I make win32 binaries and these are not mandated, I do so
only because I trusted that typical win32 users wouldn't know a compiler
if it bit them on the toe, and the httpd project/ASF lets me do this -for
the project-.  Yes, the release is a bunch of source code.  The resulting
binaries (or .jar file or whatever) is simply an artifact but is provided
by the ASF, not I personally.

My point is that we categorically do not host outside party binaries here
(if you want, invite them to become committers).  We need them bound by a
CLA before an artifact they roll is posted on ASF infrastructure.

> Certainly any volunteer with proper karma can build binaries from the
> release tarballs, and if those binaries happen to pass muster wrt
> ASF-mandated legalities, then from my understanding it should be OK to
> host such binaries on ASF's infrastructure. But that's not the same as
> the project releasing those binaries -- lack of digital sigs on them is
> a dead giveaway.


> How many APR and/or httpd commiters sign your Windows binary packages?

Only one; my own gpg key, look at that chain of trust and you'll find at
least 2 more httpd (apr) committers who have signed that key.

I have never released any artifacts

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message