commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Charles Honton <c...@honton.org>
Subject Commons release policy
Date Sat, 03 Dec 2016 17:34:13 GMT
To follow up the thread on releasing parent 42 and exactly what needs to signed, etc.  I’ve
researched asf release policy.  Here’s the gist:

1. Every ASF release must contain a source package, which must be sufficient for a user
to build and test the release provided they have access to the appropriate platform and tools.
<http://www.apache.org/dev/release#what-must-every-release-contain>

2. A release isn't 'released' until the contents are in the project's distribution directory,
which is a subdirectory of www.apache.org/dist/ <http://www.apache.org/dev/release#where-do-releases-go>.

3. Every artifact distributed to the public through Apache channels MUST be accompanied by
one file containing an OpenPGP compatible ASCII armored detached signature and another file
containing an MD5 checksum. <https://www.apache.org/dev/release-distribution.html#sigs-and-sums>

What do we consider the source package for our releases?  
Are the xxx-sources.jar,  xxx-test-sources.jar, and pom sufficient to build and test the release?
 
Is the zip/gz just a convenience and is it still useful/required?  
Or is it the reverse, the zip/gz is the release and the jars are the convenience distributions?

regards,
chas
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message