Return-Path: X-Original-To: apmail-hc-dev-archive@www.apache.org Delivered-To: apmail-hc-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2D70611CE2 for ; Sun, 29 Jun 2014 15:56:05 +0000 (UTC) Received: (qmail 38094 invoked by uid 500); 29 Jun 2014 15:56:04 -0000 Delivered-To: apmail-hc-dev-archive@hc.apache.org Received: (qmail 38065 invoked by uid 500); 29 Jun 2014 15:56:04 -0000 Mailing-List: contact dev-help@hc.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "HttpComponents Project" Delivered-To: mailing list dev@hc.apache.org Received: (qmail 38053 invoked by uid 99); 29 Jun 2014 15:56:02 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 29 Jun 2014 15:56:02 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of sebbaz@gmail.com designates 209.85.212.175 as permitted sender) Received: from [209.85.212.175] (HELO mail-wi0-f175.google.com) (209.85.212.175) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 29 Jun 2014 15:55:57 +0000 Received: by mail-wi0-f175.google.com with SMTP id r20so4868285wiv.2 for ; Sun, 29 Jun 2014 08:55:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=aExKoLjvr27hXb0owqOluTDuMENlmsPLdJySypmpRck=; b=ETKvIb6kaU7uf6J4fkBrrw2b9rqivxbJncLfEjTDmsguVHRStykpm2zm0MRxP7h2SL ccGO4XAnKgfgR1VAMRalCYBwWkHw3V94DPRXb+4ODb3cFjKlqEKVeoPtDJ2QZLCsBxxK UW40CNMX0Bhv5CCjE5TbqhNOORaaU5iFWSoRRT3hvHOopzTqsFv2zYnjvWJ9O+QHUjTE fQmZ5w3akGcLAp0/15GJnmsMD/3rTOUjCHIfx98/N0L+LrlgWs+MqlHKkzrliItKMhiT TOWVLfPZ0RmgLCSXI2txyXRYnwbCQiV9ofxxxz157K2W3BrjyQPf2A37tx9yWt4uGRdm J7yw== MIME-Version: 1.0 X-Received: by 10.180.221.196 with SMTP id qg4mr24084672wic.66.1404057336364; Sun, 29 Jun 2014 08:55:36 -0700 (PDT) Received: by 10.194.108.199 with HTTP; Sun, 29 Jun 2014 08:55:36 -0700 (PDT) In-Reply-To: <1404053964.15474.1.camel@ubuntu> References: <1403714005.10592.1.camel@ubuntu> <1403855847.23981.0.camel@ubuntu> <1403872248.576.1.camel@ubuntu> <1403880423.5473.3.camel@ubuntu> <1403881529.5473.11.camel@ubuntu> <1403886338.7430.13.camel@ubuntu> <1403898245.12543.6.camel@ubuntu> <1403944094.16520.4.camel@ubuntu> <1404042902.6021.5.camel@ubuntu> <1404049325.12487.3.camel@ubuntu> <1404051354.13648.2.camel@ubuntu> <1404053964.15474.1.camel@ubuntu> Date: Sun, 29 Jun 2014 16:55:36 +0100 Message-ID: Subject: Re: [VOTE] Release HttpComponents Client 4.4-alpha1 based on RC1 From: sebb To: HttpComponents Project Content-Type: text/plain; charset=UTF-8 X-Virus-Checked: Checked by ClamAV on apache.org On 29 June 2014 15:59, Oleg Kalnichevski wrote: > On Sun, 2014-06-29 at 15:27 +0100, sebb wrote: >> On 29 June 2014 15:15, Oleg Kalnichevski wrote: > > ... > >> >> >> >> >> >> >> >> There's also no way to be sure that the binaries agree with the source. >> >> >> > >> >> >> > And here we go. Voting on binary artifacts is equally stupid. The only >> >> >> >> >> >> Sorry, that was a bad analogy. >> >> >> >> >> >> But there are some aspects of binary artifacts that can - and should - >> >> >> be checked. >> >> >> >> >> >> For example, sigs, hashes, NOTICE and LICENSE. >> >> >> Ensuring that the binary artifacts don't contain bundled items that >> >> >> should not be present. >> >> >> Ensuring that jars have suitable MANIFEST entries >> >> >> >> >> > >> >> > Which one should do by generating those binary artifacts from the >> >> > source. >> >> >> >> Huh? >> >> How does that help? >> >> >> >> The binary artifacts in the release vote are the ones that are going >> >> to be published via the ASF mirrors. >> >> So they are the ones that need checking to ensure that nothing has >> >> gone wrong with the build. >> >> >> >> Any build others may do is not directly relevant to the artifacts that >> >> are proposed for release. >> >> >> > >> > What we release is a source tarball. Binary artifacts are distributed >> > merely for convenience of users. >> >> Yes, they are optional. >> > > Ah, finally. So are website or any reports. The website is not really optional as far as consumers are concerned, but is not generally subject to a release vote. However there are still some rules (e.g. branding) which the site must follow. The reports are not strictly needed for consumers, although the Clirr one may be useful. However, some of the are important for the purpose of the release vote. >> But they are still distributions, and still need to follow the rules >> regarding NOTICE and LICENSE etc. >> And sigs/hashes must be OK >> ETC. >> > > Yes, by making sure that the correct artifacts can be built from source. No (*). Assuming that the RM intends to publish the binary jars to Maven and the binary bundle to the ASF mirrors, then these are distributions. As such they must meet the requirements. For example the ASF does not allow bundling of 3rd party code that is not compatible with the AL2.0. This is to ensure consumers can be sure that the downloads we provide are available under the AL2.0 license. (*) ensuring that the artefacts can be built from source is a separate issue. > Oleg > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org > For additional commands, e-mail: dev-help@hc.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org For additional commands, e-mail: dev-help@hc.apache.org