This all sounds very good to me and makes a lot of sense. As newcomers to Apache, Flex has had a lot of confusion over what “should” and “must” be done regarding releases. If these things would be spelled out more explicitly, it would help current and future Apache projects get it right with minimum disagreement.
Harbs On Oct 23, 2014, at 10:11 AM, Bertrand Delacretaz <bdelacre...@apache.org> wrote: > Hi, > > On Thursday, October 23, 2014, Roman Shaposhnik <ro...@shaposhnik.org> > wrote: > >> ...I understand the need of projects like OO to provide binaries of some > sort, >> I just don't understand why do they have to be 'blessed' by ASF. Once >> source gets built and packaged a whole new set of issues kick in. I don't >> think the foundation is well prepared to deal with those. We might as >> well admit it explicitly... > > My understanding is that while we don't make any guarantees about > convenience binaries, and while they are not ASF releases, it is good to be > able to verify that the binary that you got is the one that someone from > the PMC prepared. > > So if our PMCs distribute convenience binaries, signing them for example is > a good thing to allow users to verify that they are using what the PMC > built, as opposed to some rogue binary. Signing doesn't mean the binary is > "blessed", it just allows users to verify that they are using what the PMC > intended to distribute. > > -Bertrand --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
