On Tue, Aug 4, 2015 at 2:22 AM, Jochen Theodorou <blackd...@gmx.org> wrote:
> It was also mentioned here, that for example publishing snapshot builds to > maven central is not allowed. I guess in the release document they are > basically to be handled as nightly builds and as such not for the general > public, thus only for the dev-list. It was said, that having the SNAPSHOT > appendix in the jar name as well as not being able to automatically get > them via maven without having to add that "tag" is not enough for the > end-user to know for, that this is no official release. And that if such > things are going into the distribution repository, they have to be handled > as release, including voting and such. For that I guess it does not matter > if it is the apache repository or something else. > > What would happen if a third party would do this? Is the project/apache > required to do something about this? I mean if you read this: > http://mail-archives.apache.org/mod_mbox/incubator-general/201506.mbox/%3CD1B01671.4EE90%25rvesse%40dotnetrdf.org%3E > some even see nightly builds, not communicated beyond the dev-list on > non-apache servers already as a problem. > > Let us put that last part a step up... Let us assume someone takes one of > the released sources of one of the java projects out there, makes maven > artifacts out of it and publishes them at maven central. Is that ok? I mean > that is very near the distributor case, so it should be ok, or not? > That is fine. Just make sure that the published org is NOT org.apache.foo Apache software is wide open for anybody to use. If you want to take responsibility for nightly binary artifacts that *you* create and which are clearly not from Apache, you are good to go. The key is to be clear on what people are getting.
