Hi Sebb, https://community.apache.org/apache-way/apache-project-maturity-model.html
> On Mar 8, 2021, at 3:41 AM, sebb <seb...@gmail.com> wrote: > > What does "and/or" in RE30 really mean? > Is it intentional? > > --------- > RE30 > Releases are signed and/or distributed along with digests that can be > reliably used to validate the downloaded archives. > --------- > > Expanding the and/or, I read this two ways: > > 1) Releases are signed and distributed along with digests that can be > reliably used to validate the downloaded archives. > > 2) Releases are signed or distributed along with digests that can be > reliably used to validate the downloaded archives. > > Statement 1 seems clear to me. I agree. It could even be clearer that signatures and digests (SHA256 and/or SHA512) are both required. Maybe the type of digest was the origin of the and/or... > > Statement 2 appears to imply that releases don't have to be signed -- > if it means anything. I cannot parse this one either. Craig > > Sebb. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > Craig L Russell c...@apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
