hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: [VOTE] Release HttpComponents Client 4.4-alpha1 based on RC1
Date Sun, 29 Jun 2014 15:55:36 GMT
On 29 June 2014 15:59, Oleg Kalnichevski <olegk@apache.org> wrote:
> On Sun, 2014-06-29 at 15:27 +0100, sebb wrote:
>> On 29 June 2014 15:15, Oleg Kalnichevski <olegk@apache.org> wrote:
>
> ...
>
>> >> >> >>
>> >> >> >> There's also no way to be sure that the binaries agree
with the source.
>> >> >> >
>> >> >> > And here we go. Voting on binary artifacts is equally stupid.
The only
>> >> >>
>> >> >> Sorry, that was a bad analogy.
>> >> >>
>> >> >> But there are some aspects of binary artifacts that can - and should
-
>> >> >> be checked.
>> >> >>
>> >> >> For example, sigs, hashes, NOTICE and LICENSE.
>> >> >> Ensuring that the binary artifacts don't contain bundled items
that
>> >> >> should not be present.
>> >> >> Ensuring that jars have suitable MANIFEST entries
>> >> >>
>> >> >
>> >> > Which one should do by generating those binary artifacts from the
>> >> > source.
>> >>
>> >> Huh?
>> >> How does that help?
>> >>
>> >> The binary artifacts in the release vote are the ones that are going
>> >> to be published via the ASF mirrors.
>> >> So they are the ones that need checking to ensure that nothing has
>> >> gone wrong with the build.
>> >>
>> >> Any build others may do is not directly relevant to the artifacts that
>> >> are proposed for release.
>> >>
>> >
>> > What we release is a source tarball. Binary artifacts are distributed
>> > merely for convenience of users.
>>
>> Yes, they are optional.
>>
>
> Ah, finally. So are website or any reports.

The website is not really optional as far as consumers are concerned,
but is not generally subject to a release vote.
However there are still some rules (e.g. branding) which the site must follow.

The reports are not strictly needed for consumers, although the Clirr
one may be useful.
However, some of the are important for the purpose of the release vote.

>> But they are still distributions, and still need to follow the rules
>> regarding NOTICE and LICENSE etc.
>> And sigs/hashes must be OK
>> ETC.
>>
>
> Yes, by making sure that the correct artifacts can be built from source.

No (*).

Assuming that the RM intends to publish the binary jars to Maven and
the binary bundle to the ASF mirrors, then these are distributions. As
such they must meet the requirements.

For example the ASF does not allow bundling of 3rd party code that is
not compatible with the AL2.0. This is to ensure consumers can be sure
that the downloads we provide are available under the AL2.0 license.

(*) ensuring that the artefacts can be built from source is a separate issue.

> Oleg
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message