On 13 October 2014 17:15, Branko Čibej <br...@e-reka.si> wrote: > On 13.10.2014 16:14, Julian Hyde wrote: >> For many projects, especially "library" projects, the "convenient binaries" >> that matter most these days are the jars (source, binary, and javadoc) that >> are deployed to the maven repo. Calcite releases in fact do not currently >> include a binary tar ball, only a source tar ball and maven jars. >> >> Are these jars subjected to due diligence during the release vote? It seems >> to me that each of those jars is a de facto binary release. > > If it contains sources, it's not a binary release.
Not strictly true. Binary artifacts often contain source code examples. > Binary JARs are > definitely a binary release. I haven't a clue what Javadocs are, but > since they're derived from the sources, I'd prefer to put them in the > "binary" category for simplicity. > > But that's beside the point. "Convenience binaries" are anything that > was created from the properly voted-on and released source that did not > go through the same formal release proces as the source release. If the > PMC did not vote on the binary JARs, they are not an Apache Release and > therefore none of our guarantees (or liabilities) can apply to them. However, if binary tarballs are distributed from the ASF mirroring system, then the principle of least suprise means that the contents must agree with the NOTICE and LICENSE files, and that the tarball does not contain code that is incompatible with the ALv2. Therefore I think such tarballs MUST be checked for such policy. Clearly the binary hashes and sigs MUST also be checked. > -- Brane > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
