Posted to general@incubator.apache.org by Thilo Goetz <tw...@gmx.de> on 2008/03/17 11:35:13 UTC

KEYS file in distribution

Hi,

UIMA currently ships the KEYS file as part of
its distributions.  I found one other Apache
project (Derby) that also does.  The others
that I checked, don't (random sample of what
I had on my hard drive).

I would assume that putting the KEYS file in
the distribution is at best not necessary, and
may be counterproductive, as it might lead
people to use it.  And of course you can't
verify your distribution that way.  So I'm
thinking of removing the KEYS file from the
distribution.

Any compelling reasons to go one way or the
other?

--Thilo

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Re: KEYS file in distribution

Posted by Robert Burrell Donkin <ro...@gmail.com>.
On Wed, Mar 19, 2008 at 5:53 PM, Robert Burrell Donkin <
robertburrelldonkin@gmail.com> wrote:

> On Wed, Mar 19, 2008 at 12:03 AM, sebb <se...@gmail.com> wrote
>

<snip>


> > >  > Looking into the HTTPD repos and comparing to the HTTPD source
> > >  > tarballs, they appear to be doing the same thing: there's a
> > >  > "configure" file in the source tarball, but not in the repos. In
> > >  > general I'd say this is common practice for any project based on
> > >  > Autotools.
> > >
> > >
> > >
> > > IMHO it's not worth getting into arguments about HTTPD current versus
> > >  original/best practice
> > >
> > >  yes, it's common practice but it's important to distinguish terminology from
> > >  presentation. what a source distribution means is a direct export from
> > >  subversion. it's fine to create a distribution containing generated stuff;
> > >  call it what you will; recommend it to users who want to build from source.
> > >  still counts as a binary as far as rules and whatnot go.
> >
> > And where are these rules defined?
>
>
> the term rules is a little inaccurate: apache doesn't really have rules
> just policy and practice policy by social means
>

^^^^^^

policy -> policed

- robert

Re: KEYS file in distribution

Posted by Robert Burrell Donkin <ro...@gmail.com>.
On Wed, Mar 19, 2008 at 12:03 AM, sebb <se...@gmail.com> wrote:

> On 18/03/2008, Robert Burrell Donkin <ro...@gmail.com>
> wrote:
> > On Tue, Mar 18, 2008 at 9:44 PM, Christopher Lenz <cm...@gmx.de> wrote:
> >
> >  > On 18.03.2008, at 22:06, Robert Burrell Donkin wrote:
> >  > > On Tue, Mar 18, 2008 at 8:40 PM, Christopher Lenz <cm...@gmx.de>
> >  > > wrote:
> >  > >> I wonder because with CouchDB, source tarballs are created through
> >  > >> the
> >  > >> GNU-Autotools based build process, rather than being a raw `svn
> >  > >> export` of the release tag. We don't keep the auto*-generated
> >  > >> configure/make files in the repository (they are generated files
> >  > >> after
> >  > >> all), but do include them in source tarballs to limit build-time
> >  > >> dependencies and make the build process easier for the user.
> >  > >>
> >  > >> I guess we could start checking in the generating build files into
> >  > >> SVN
> >  > >> if that's required. But maybe you can back that statement up a bit
> >  > >> before we do so?
> >  > >
> >  > > lots of binary distributions at apache contain source. this makes them
> >  > > binary distributions containing source, not source distributions.
> >  >
> >  > Maybe I didn't explain properly… our previous (pre-incubation) source
> >  > distributions did not contain any binaries, only source. The
> >  > difference between the tarballs and a source control checkout is that
> >  > the former has some generated build scripts.
> >
> >
> >
> > yes: you explained that quite well the first time
> >
> >  any distribution containing stuff which isn't in subversion is by definition
> >  a binary distribution
> >
>
> Is this documented anywhere?
>

documentation: if only :-)

it's written down in the very beta release draft stuff but IMHO it doesn't
really count since it's mostly written by yours truly and hasn't been
actively reviewed by the community

> >  > Looking into the HTTPD repos and comparing to the HTTPD source
> >  > tarballs, they appear to be doing the same thing: there's a
> >  > "configure" file in the source tarball, but not in the repos. In
> >  > general I'd say this is common practice for any project based on
> >  > Autotools.
> >
> >
> >
> > IMHO it's not worth getting into arguments about HTTPD current versus
> >  original/best practice
> >
> >  yes, it's common practice but it's important to distinguish terminology from
> >  presentation. what a source distribution means is a direct export from
> >  subversion. it's fine to create a distribution containing generated stuff;
> >  call it what you will; recommend it to users who want to build from source.
> >  still counts as a binary as far as rules and whatnot go.
>
> And where are these rules defined?


the term rules is a little inaccurate: apache doesn't really have rules
just policy and practice policy by social means

incubator policy is in
http://incubator.apache.org/incubation/Incubation_Policy.html. apache policy
which has been written down is in http://www.apache.org/dev/.

whenever the term source distribution is used it means an export of
subversion rather than anything which has extra stuff in it

- robert

Re: KEYS file in distribution

Posted by sebb <se...@gmail.com>.
On 18/03/2008, Robert Burrell Donkin <ro...@gmail.com> wrote:
> On Tue, Mar 18, 2008 at 9:44 PM, Christopher Lenz <cm...@gmx.de> wrote:
>
>  > On 18.03.2008, at 22:06, Robert Burrell Donkin wrote:
>  > > On Tue, Mar 18, 2008 at 8:40 PM, Christopher Lenz <cm...@gmx.de>
>  > > wrote:
>  > >> I wonder because with CouchDB, source tarballs are created through
>  > >> the
>  > >> GNU-Autotools based build process, rather than being a raw `svn
>  > >> export` of the release tag. We don't keep the auto*-generated
>  > >> configure/make files in the repository (they are generated files
>  > >> after
>  > >> all), but do include them in source tarballs to limit build-time
>  > >> dependencies and make the build process easier for the user.
>  > >>
>  > >> I guess we could start checking in the generating build files into
>  > >> SVN
>  > >> if that's required. But maybe you can back that statement up a bit
>  > >> before we do so?
>  > >
>  > > lots of binary distributions at apache contain source. this makes them
>  > > binary distributions containing source, not source distributions.
>  >
>  > Maybe I didn't explain properly… our previous (pre-incubation) source
>  > distributions did not contain any binaries, only source. The
>  > difference between the tarballs and a source control checkout is that
>  > the former has some generated build scripts.
>
>
>
> yes: you explained that quite well the first time
>
>  any distribution containing stuff which isn't in subversion is by definition
>  a binary distribution
>

Is this documented anywhere?

>
>  > Looking into the HTTPD repos and comparing to the HTTPD source
>  > tarballs, they appear to be doing the same thing: there's a
>  > "configure" file in the source tarball, but not in the repos. In
>  > general I'd say this is common practice for any project based on
>  > Autotools.
>
>
>
> IMHO it's not worth getting into arguments about HTTPD current versus
>  original/best practice
>
>  yes, it's common practice but it's important to distinguish terminology from
>  presentation. what a source distribution means is a direct export from
>  subversion. it's fine to create a distribution containing generated stuff;
>  call it what you will; recommend it to users who want to build from source.
>  still counts as a binary as far as rules and whatnot go.

And where are these rules defined?

>  there is a slight possibility that fans of source distribution may complain
>  if you don't issue a source distribution. IMHO if that's the case then
>  that's the time to present your arguments. till then, it's just terminology.
>
>
>  [snip]
>  > > source distributions (svn exports) are aimed at developers so they can
>  > > create accurate diffs and contribute patches, not users. they are also
>  > > useful for downstream distributors who want to be able to accurately
>  > > and
>  > > selectively apply patches. these groups should be able to build in
>  > > the same
>  > > way committers do so they don't really need it easy. binary
>  > > distributions
>  > > are for users, source distributions for developers.
>  >
>  >
>  > The generated source tarballs don't in any way prevent developers from
>  > providing good patches. They contain the source plus some build files
>  > pre-generated for convenience (which can be regenerated from the very
>  > same tarballs nonetheless).
>
>
>
> IMHO it's best to avoid getting into this kind of argument: it's just
>  terminology
>
>
>  > Also, again similar to HTTPD, the source tarball is actually the main
>  > distribution for users, too (except the Windows camp, which we don't
>  > support yet anyway).
>
>
>
> that's fine
>
>
>  - robert
>



Re: KEYS file in distribution

Posted by Robert Burrell Donkin <ro...@gmail.com>.
On Tue, Mar 18, 2008 at 9:44 PM, Christopher Lenz <cm...@gmx.de> wrote:

> On 18.03.2008, at 22:06, Robert Burrell Donkin wrote:
> > On Tue, Mar 18, 2008 at 8:40 PM, Christopher Lenz <cm...@gmx.de>
> > wrote:
> >> I wonder because with CouchDB, source tarballs are created through
> >> the
> >> GNU-Autotools based build process, rather than being a raw `svn
> >> export` of the release tag. We don't keep the auto*-generated
> >> configure/make files in the repository (they are generated files
> >> after
> >> all), but do include them in source tarballs to limit build-time
> >> dependencies and make the build process easier for the user.
> >>
> >> I guess we could start checking in the generating build files into
> >> SVN
> >> if that's required. But maybe you can back that statement up a bit
> >> before we do so?
> >
> > lots of binary distributions at apache contain source. this makes them
> > binary distributions containing source, not source distributions.
>
> Maybe I didn't explain properly… our previous (pre-incubation) source
> distributions did not contain any binaries, only source. The
> difference between the tarballs and a source control checkout is that
> the former has some generated build scripts.


yes: you explained that quite well the first time

any distribution containing stuff which isn't in subversion is by definition
a binary distribution

> Looking into the HTTPD repos and comparing to the HTTPD source
> tarballs, they appear to be doing the same thing: there's a
> "configure" file in the source tarball, but not in the repos. In
> general I'd say this is common practice for any project based on
> Autotools.


IMHO it's not worth getting into arguments about HTTPD current versus
original/best practice

yes, it's common practice but it's important to distinguish terminology from
presentation. what a source distribution means is a direct export from
subversion. it's fine to create a distribution containing generated stuff;
call it what you will; recommend it to users who want to build from source.
still counts as a binary as far as rules and whatnot go.

there is a slight possibility that fans of source distribution may complain
if you don't issue a source distribution. IMHO if that's the case then
that's the time to present your arguments. till then, it's just terminology.

[snip]
> > source distributions (svn exports) are aimed at developers so they can
> > create accurate diffs and contribute patches, not users. they are also
> > useful for downstream distributors who want to be able to accurately
> > and
> > selectively apply patches. these groups should be able to build in
> > the same
> > way committers do so they don't really need it easy. binary
> > distributions
> > are for users, source distributions for developers.
>
>
> The generated source tarballs don't in any way prevent developers from
> providing good patches. They contain the source plus some build files
> pre-generated for convenience (which can be regenerated from the very
> same tarballs nonetheless).


IMHO it's best to avoid getting into this kind of argument: it's just
terminology

> Also, again similar to HTTPD, the source tarball is actually the main
> distribution for users, too (except the Windows camp, which we don't
> support yet anyway).


that's fine

- robert

Re: KEYS file in distribution

Posted by Christopher Lenz <cm...@gmx.de>.
On 18.03.2008, at 22:06, Robert Burrell Donkin wrote:
> On Tue, Mar 18, 2008 at 8:40 PM, Christopher Lenz <cm...@gmx.de>  
> wrote:
>> I wonder because with CouchDB, source tarballs are created through  
>> the
>> GNU-Autotools based build process, rather than being a raw `svn
>> export` of the release tag. We don't keep the auto*-generated
>> configure/make files in the repository (they are generated files  
>> after
>> all), but do include them in source tarballs to limit build-time
>> dependencies and make the build process easier for the user.
>>
>> I guess we could start checking in the generating build files into  
>> SVN
>> if that's required. But maybe you can back that statement up a bit
>> before we do so?
>
> lots of binary distributions at apache contain source. this makes them
> binary distributions containing source, not source distributions.

Maybe I didn't explain properly… our previous (pre-incubation) source  
distributions did not contain any binaries, only source. The  
difference between the tarballs and a source control checkout is that  
the former has some generated build scripts.

Looking into the HTTPD repos and comparing to the HTTPD source  
tarballs, they appear to be doing the same thing: there's a  
"configure" file in the source tarball, but not in the repos. In  
general I'd say this is common practice for any project based on  
Autotools.

[snip]
> source distributions (svn exports) are aimed at developers so they can
> create accurate diffs and contribute patches, not users. they are also
> useful for downstream distributors who want to be able to accurately  
> and
> selectively apply patches. these groups should be able to build in  
> the same
> way committers do so they don't really need it easy. binary  
> distributions
> are for users, source distributions for developers.


The generated source tarballs don't in any way prevent developers from
providing good patches. They contain the source plus some build files  
pre-generated for convenience (which can be regenerated from the very  
same tarballs nonetheless).

Also, again similar to HTTPD, the source tarball is actually the main  
distribution for users, too (except the Windows camp, which we don't  
support yet anyway).

Cheers,
--
Christopher Lenz
   cmlenz at gmx.de
   http://www.cmlenz.net/




Re: KEYS file in distribution

Posted by Robert Burrell Donkin <ro...@gmail.com>.
On Tue, Mar 18, 2008 at 8:40 PM, Christopher Lenz <cm...@gmx.de> wrote:

> On 18.03.2008, at 15:50, Robert Burrell Donkin wrote:
> > source distributions should be identical to the contents of version
> > control
> > when the release is cut.
>
> Where does this rule come from?


it's not a rule: it's a tautology ;-)

by definition, a source distribution consists of the contents of version
control compressed into an archive. anything else is a binary distribution.

> I wonder because with CouchDB, source tarballs are created through the
> GNU-Autotools based build process, rather than being a raw `svn
> export` of the release tag. We don't keep the auto*-generated
> configure/make files in the repository (they are generated files after
> all), but do include them in source tarballs to limit build-time
> dependencies and make the build process easier for the user.
>
> I guess we could start checking in the generating build files into SVN
> if that's required. But maybe you can back that statement up a bit
> before we do so?


lots of binary distributions at apache contain source. this makes them
binary distributions containing source, not source distributions. it's fine
to distribute something along those lines to help users who want to be able
to build easily but it's not a source distribution. if it makes things
easier for users who want to build artifacts themselves, that's great.

source distributions (svn exports) are aimed at developers so they can
create accurate diffs and contribute patches, not users. they are also
useful for downstream distributors who want to be able to accurately and
selectively apply patches. these groups should be able to build in the same
way committers do so they don't really need it easy. binary distributions
are for users, source distributions for developers.

- robert

Re: KEYS file in distribution

Posted by Christopher Lenz <cm...@gmx.de>.
On 18.03.2008, at 15:50, Robert Burrell Donkin wrote:
> source distributions should be identical to the contents of version  
> control
> when the release is cut.

Where does this rule come from?

I wonder because with CouchDB, source tarballs are created through the  
GNU-Autotools based build process, rather than being a raw `svn  
export` of the release tag. We don't keep the auto*-generated  
configure/make files in the repository (they are generated files after  
all), but do include them in source tarballs to limit build-time  
dependencies and make the build process easier for the user.

I guess we could start checking in the generating build files into SVN  
if that's required. But maybe you can back that statement up a bit  
before we do so?

Thanks,
--
Christopher Lenz
   cmlenz at gmx.de
   http://www.cmlenz.net/




Re: KEYS file in distribution

Posted by Thilo Goetz <tw...@gmx.de>.
Robert Burrell Donkin wrote:
> On Mon, Mar 17, 2008 at 10:35 AM, Thilo Goetz <tw...@gmx.de> wrote:
> 
>> Hi,
>>
>> UIMA currently ships the KEYS file as part of
>> its distributions.  I found one other Apache
>> project (Derby) that also does.  The others
>> that I checked, don't (random sample of what
>> I had on my hard drive).
>>
>> I would assume that putting the KEYS file in
>> the distribution is at best not necessary, and
>> may be counterproductive, as it might lead
>> people to use it.  And of course you can't
>> verify your distribution that way.  So I'm
>> thinking of removing the KEYS file from the
>> distribution.
>>
>> Any compelling reasons to go one way or the
>> other?
> 
> 
> source distributions should be identical to the contents of version control
> when the release is cut. if the KEYs file is present in the source that's
> cut, it should be left. if you're worried, add a note to the top of the file
> (it'll be ignored upon import). if the KEYs file is not present in version
> control, it should not be added to the source distribution.
> 
> for binary distributions, it's best not to include the KEYs file
> 
> - robert
> 

That makes sense.

--Thilo



Re: KEYS file in distribution

Posted by Roland Weber <os...@dubioso.net>.
Robert Burrell Donkin wrote:
> 
> source distributions should be identical to the contents of version control
> when the release is cut. if the KEYs file is present in the source that's
> cut, it should be left.

I believe Maven interprets some sort of assembly descriptor that
defines the subset of the Subversion export that goes into the
distribution. If you have code that is not officially supported,
but kept in Subversion for the benefit of users, you might want to
tag that with the release but not ship it in the release artifacts.

cheers,
   Roland



Re: KEYS file in distribution

Posted by Robert Burrell Donkin <ro...@gmail.com>.
On Mon, Mar 17, 2008 at 10:35 AM, Thilo Goetz <tw...@gmx.de> wrote:

> Hi,
>
> UIMA currently ships the KEYS file as part of
> its distributions.  I found one other Apache
> project (Derby) that also does.  The others
> that I checked, don't (random sample of what
> I had on my hard drive).
>
> I would assume that putting the KEYS file in
> the distribution is at best not necessary, and
> may be counterproductive, as it might lead
> people to use it.  And of course you can't
> verify your distribution that way.  So I'm
> thinking of removing the KEYS file from the
> distribution.
>
> Any compelling reasons to go one way or the
> other?


source distributions should be identical to the contents of version control
when the release is cut. if the KEYs file is present in the source that's
cut, it should be left. if you're worried, add a note to the top of the file
(it'll be ignored upon import). if the KEYs file is not present in version
control, it should not be added to the source distribution.

for binary distributions, it's best not to include the KEYs file

- robert
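
Added example (not part of the thread, and not code from any project mentioned in it): a Python check for the property discussed above, that a source distribution is identical to the export of the release tag. It lists files present only in the release tarball (such as a generated "configure"), files present only in the export (such as KEYS), and files whose content differs. The directory names example-1.0 and example-tag-1.0, the file contents, and all function names are constructed for illustration.

```python
import hashlib
import io
import tarfile


def make_tar(top_dir, files):
    """Build a gzip tarball in memory (used only for the constructed samples)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(f"{top_dir}/{path}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def manifest(tar_bytes):
    """Map path (top-level directory stripped) -> SHA-256 of each regular file."""
    result = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            rel = member.name.split("/", 1)[1:]
            if member.isfile() and rel:
                data = tar.extractfile(member).read()
                result[rel[0]] = hashlib.sha256(data).hexdigest()
    return result


def compare(release_tar, export_tar):
    """Report how a release tarball deviates from the version-control export."""
    rel, vcs = manifest(release_tar), manifest(export_tar)
    return {
        "only_in_release": sorted(set(rel) - set(vcs)),
        "only_in_export": sorted(set(vcs) - set(rel)),
        "content_differs": sorted(p for p in set(rel) & set(vcs) if rel[p] != vcs[p]),
    }


def is_source_distribution(report):
    """True only when the tarball matches the export file for file."""
    return not any(report.values())


# Constructed sample: an export of the release tag, archived as-is.
EXPORT = make_tar("example-tag-1.0", {
    "KEYS": b"(public keys of the release managers)\n",
    "configure.ac": b"AC_INIT([example], [1.0])\n",
    "src/main.c": b"int main(void) { return 0; }\n",
})
# Constructed sample: a tarball produced by the build, with generated files
# added and KEYS left out.
RELEASE = make_tar("example-1.0", {
    "configure.ac": b"AC_INIT([example], [1.0])\n",
    "configure": b"#!/bin/sh\n# generated by autoconf\n",
    "Makefile.in": b"# generated by automake\n",
    "src/main.c": b"int main(void) { return 0; }\n",
})

if __name__ == "__main__":
    report = compare(RELEASE, EXPORT)
    for kind, paths in report.items():
        print(f"{kind}: {paths}")
    print("matches version control:", is_source_distribution(report))
```

Files reported as only_in_release are the ones a reviewer cannot trace back to a commit, so they are the ones to regenerate or inspect before trusting the tarball.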