groovy-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bertrand Delacretaz <>
Subject Jars in disguise (was: [VOTE] Release Apache Groovy 2.4.4-incubating)
Date Mon, 15 Jun 2015 07:12:58 GMT

On Sun, Jun 14, 2015 at 8:43 PM, Pascal Schumacher
<> wrote:
> ...jars under "src/test/resources" are now gone....

Encoding those jars in base64 as in [1] does not mean they are gone,
they're just encoded in a different way.

If those jars are useful for testing, it's much preferable IMO to have
them as jar files to make it obvious that the source code does contain
binaries. Maybe isolate them in a single folder and include a readme
file in their which explains why they are useful and lists their sha1
digests so people can detect any changes to them.

That code says

> // Apache License does not allow jars/binaries in the source

but avoiding binaries in Apache releases has nothing to do with the
Apache License, it's just that there's usually no way for someone to
verify that a lone binary file has not been tampered with, and we want
our users to be able to trust what we release. Hiding stuff in source
code does not look very trustful to me.



View raw message