Posted to legal-discuss@apache.org by Ralph Goers <Ra...@dslextreme.com> on 2007/12/21 17:20:38 UTC

[Fwd: Re: LICENSE and NOTICE files and SVN]

Resending to legal-discuss instead of directly to Roland.

Maybe it's me but I don't interpret what Roy said at all that way. It 
seems to me that you left out the most important part of what he was 
getting at - the vote. PMCs don't vote on binaries, they vote on source 
code for releases. Whether the binaries are generated before the vote or 
after isn't all that relevant - except for the part where doing due 
diligence means you actually try to verify the integrity of the 
release.  So what tool is used to tag and package or exactly what 
process it may follow isn't so important compared to knowing that what 
the PMC voted for is actually the source code that was packaged.  Sure, 
most users think the release is the binary download, but that is really 
just a convenience to them. They have to be able to get the source code 
and be able to build it themselves.

Ralph

Roland Weber wrote:
> Roy T. Fielding wrote:
>   
>> PMCs can vote on just about anything.  However, a release vote is on
>> a packaged artifact containing the complete source code and signed
>> by the release manager.  If you haven't voted on that, the PMC has
>> not performed a valid release.
>>
>> Binaries are generated from release source packages. If the PMC is
>> doing something else, then it has seriously screwed the pooch and
>> may not even be releasing open source.
>>     
>
> Are there any plans to fix Maven? AFAIK, Maven tags the source in
> the repository, then builds binary and source release packages from
> that tag. It does not build a source package that is signed before
> or after the binary gets built from that source. It builds both
> from the same tag, and both are signed afterwards.
> Either my understanding of Maven is wrong, or you are saying that
> every Apache project that uses Maven to generate the release
> packages is making invalid releases.
>
> cheers,
>   Roland
>
>   
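The due-diligence step Ralph describes, checking that the packaged source is actually the tagged source the PMC voted on, as an added example that is not part of the original thread and not any Apache project's release tooling. It assumes a conventional layout: a `<name>.tar.gz` with a sidecar `<name>.tar.gz.sha512` containing `<hex>  <filename>`, and a directory holding a checkout of the release tag; the sample tree, file names and the tampered tarball are constructed in a temporary directory. PGP signature verification of the release manager's `.asc` (`gpg --verify`) is not modelled here and would be run in addition.

```python
"""Check that a source release tarball is exactly the tagged source.

Added example, not code from the original thread or from any Apache project.
Assumes <name>.tar.gz plus a <name>.tar.gz.sha512 sidecar ("<hex>  <file>")
and a directory that is the checked-out release tag. PGP signature checking
(gpg --verify on the .asc) is deliberately left outside this script.
"""
import hashlib
import io
import os
import tarfile
import tempfile
from pathlib import Path


def sha512_file(path):
    """Hex SHA-512 of a file, read in chunks."""
    h = hashlib.sha512()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def package_source(tag_dir, out_path, top="release-1.0"):
    """Build a source tarball from the tagged tree and write a .sha512 sidecar."""
    with tarfile.open(str(out_path), "w:gz") as tar:
        tar.add(str(tag_dir), arcname=top)
    digest = sha512_file(out_path)
    Path(str(out_path) + ".sha512").write_text(
        f"{digest}  {os.path.basename(str(out_path))}\n")
    return digest


def tree_files(root):
    """Map relative path -> bytes for every regular file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): p.read_bytes()
            for p in root.rglob("*") if p.is_file()}


def verify_release(tarball, tag_dir, top="release-1.0"):
    """Return a list of findings; an empty list means the tarball matches the tag.

    Checks: sidecar digest matches the file, no path-traversal members,
    every member lives under the expected top-level directory, and the set
    of files and their contents equal the tagged tree.
    """
    findings = []
    expected = Path(str(tarball) + ".sha512").read_text().split()[0]
    actual = sha512_file(tarball)
    if actual != expected:
        findings.append(f"sha512 mismatch: sidecar {expected[:12]}..., file {actual[:12]}...")

    packaged = {}
    with tarfile.open(str(tarball), "r:gz") as tar:
        for m in tar.getmembers():
            name = m.name
            if name.startswith("/") or ".." in Path(name).parts:
                findings.append(f"unsafe member path: {name}")
                continue
            if not m.isfile():
                continue
            if not name.startswith(top + "/"):
                findings.append(f"member outside top-level dir: {name}")
                continue
            packaged[name[len(top) + 1:]] = tar.extractfile(m).read()

    tagged = tree_files(tag_dir)
    for rel in sorted(set(packaged) - set(tagged)):
        findings.append(f"file in tarball but not in tag: {rel}")
    for rel in sorted(set(tagged) - set(packaged)):
        findings.append(f"file in tag but not in tarball: {rel}")
    for rel in sorted(set(tagged) & set(packaged)):
        if tagged[rel] != packaged[rel]:
            findings.append(f"content differs from tag: {rel}")
    return findings


def demo():
    """Constructed sample: a tiny tagged tree, a clean package, then a tampered one."""
    with tempfile.TemporaryDirectory() as tmp:
        tag = Path(tmp, "tag")
        (tag / "src").mkdir(parents=True)
        (tag / "LICENSE").write_text("Apache License 2.0\n")
        (tag / "src" / "Main.java").write_text("class Main {}\n")

        clean = Path(tmp, "release-1.0-src.tar.gz")
        package_source(tag, clean)
        clean_findings = verify_release(clean, tag)

        # Tamper: add a file that was never in the tag, then rewrite the
        # sidecar so the hash alone would pass. Only the diff against the
        # tag catches this, which is the point of voting on source.
        tampered = Path(tmp, "release-1.0-src-tampered.tar.gz")
        with tarfile.open(str(tampered), "w:gz") as tar:
            tar.add(str(tag), arcname="release-1.0")
            data = b"class Backdoor {}\n"
            info = tarfile.TarInfo("release-1.0/src/Backdoor.java")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        Path(str(tampered) + ".sha512").write_text(
            f"{sha512_file(tampered)}  {tampered.name}\n")
        tampered_findings = verify_release(tampered, tag)
        return clean_findings, tampered_findings


if __name__ == "__main__":
    for finding in demo()[1]:
        print(finding)
```

The hash only proves the bytes you downloaded are the bytes that were signed; it says nothing about whether those bytes came from the tag. The file-by-file comparison is what ties the artifact back to what was voted on, and it is the part that catches an extra or altered file slipped in at packaging time.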



---------------------------------------------------------------------
DISCLAIMER: Discussions on this list are informational and educational
only.  Statements made on this list are not privileged, do not
constitute legal advice, and do not necessarily reflect the opinions
and policies of the ASF.  See <http://www.apache.org/licenses/> for
official ASF policies and documents.
---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org