Alan D. Cabrera wrote:
On Jul 25, 2008, at 7:38 PM, Craig L Russell wrote:
Hi Alan,
On Jul 25, 2008, at 3:31 PM, Alan D. Cabrera wrote:
Some things to consider in this discussion:
- The 0.9.0 release cannot be performed off of the copy in ASF
- The 0.9.0 or earlier releases cannot be supported off of the copy
in ASF
Maybe that's what everyone is thinking. I just want to make sure
that it's clear.
I don't agree with either of the above opinions. We don't restrict
what people do with Apache code.
I don't see anything wrong with publishing a release off the artifacts
stored in Apache. It cannot be called "an Apache incubating release"
but it can certainly be called JSecurity 0.9 whatever.
Follow-on releases can similarly be built from code checked into the
Apache repository. They just cannot be called "Apache anything". And
if they're published in the jsecurity.org download area they can be
maintained in the Apache repository.
I'm not so sure about this. Is there a precedent for this?
Of course. Understand that it's not Apache Foo x.x.x, and that the ASF
doesn't publish or take account for the contents of such an external
package.
Which effectively means the committer (or their employer if they are
acting on the behalf of such) is assuming all responsibilities for such
a package. This is usually not the sort of personal responsibility an
individual desires, so it would probably make more sense to resolve the
issues at the project and vote on an ASF release.
The act of a tag-tar-vote-release at the ASF is an act of the foundation
(as long as the RM/PMC follows the whole process) so it is a shield, of
sorts. If the RM and project acts in good faith, the ASF backs the
release and is a much more public face to settle any later disputes.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
