On Wed, Oct 22, 2014 at 9:37 PM, Roman Shaposhnik <ro...@shaposhnik.org> wrote:
> I understand the need of projects like OO to provide binaries of some sort, > I just don't understand why do they have to be 'blessed' by ASF. Once > source gets built and packaged a whole new set of issues kick in. I don't > think the foundation is well prepared to deal with those. We might as > well admit it explicitly. > AOO has very special needs for signing that are expressed well later in another sub-thread. Another aspect of binary releases is that even if you don't really need a blessed distro, there are several aspects of the blessing ritual which are very helpful. For Apache Drill, these include: 1) if I produce a release, it *really* helps to have several eyes beside my own on the process. Even if I never claim that this is a blessed release and I never provide my binary release via any Apache channel, it is a huge benefit to have the community help ensure the quality of the release. Having a community blessed procedure to build a binary also increases the probable quality of any commercial versions. Quality here means mostly license provenance quality, which is something often overlooked by commercial builds. 2) it is substantially in the project's interest to both (a) have links to binary convenience packages, and (b) have links to those packages on the project web site. As a PMC member, I am very uneasy about providing links to packages that the PMC has not inspected carefully. As such, the blessing ritual serves an important role here as well. Different projects will have very different needs, of course, but Drill definitely finds value in careful inspection of binary artifacts.
