incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <>
Subject Re: [VOTE] Release ManifoldCF 0.5-incubating, RC0
Date Tue, 27 Mar 2012 10:16:18 GMT
Please see below.

On Tue, Mar 27, 2012 at 5:50 AM, Roy T. Fielding <> wrote:
> On Mar 27, 2012, at 2:15 AM, sebb wrote:
>> On 26 March 2012 16:20, Roy T. Fielding <> wrote:
>>> On Mar 26, 2012, at 4:41 PM, Karl Wright wrote:
>>>> On Mon, Mar 26, 2012 at 10:24 AM, sebb <> wrote:
>>>>> On 26 March 2012 02:38, Shinichiro Abe <>
>>>>>> Hello Incubator IPMC,
>>>>>> Please vote on whether or not to release ManifoldCF 0.5-incubating,
>>>>>> This RC has passed our podling vote and awaits your inspection.
>>>>>> You can find the artifact at
>>>>>> in svn at
>>>>> The NOTICE file says:
>>>>> Apache ManifoldCF
>>>>> Copyright 2010-2011 The Apache Software Foundation
>>>>> The LICENSE file includes references to lots of jars that are dual
>>>>> licensed under CDDL v1.0 and GPL v2.
>>>>> However, there is no indication which license has been chosen by the
>>>>> I think this is a blocker.
>>> A project does not choose a license.  The license is provided by the copyright
>>> owner.  We do not change that license, nor do we reduce the number of the
>>> available licenses to choose from, for downstream recipients.  Therefore,
>>> it doesn't make any sense to indicate which one is "chosen".
>>> In any case, the indicated artifacts are only included in binary packages.
>>> We don't release binaries, so none of these licenses belong in our source
>>> product's LICENSE file.  We need to be clear that the source code package
>>> does not include these dependencies.  They only exist in binary distributions.
>> That's not the case with this product at present; all the jars are
>> actually in SVN and they are also in the source and binary archives.
> Do I really need to explain what "source code" means?
>  "All releases are in the form of the source materials needed to make changes to the
software being released."
> Apache releases open source and ONLY open source.  Our releases are absolutely
> forbidden to contain anything other than the open source code that is in our
> vcs-of-record, meaning code that is in the form most likely to be edited by
> recipients for the sake of modifying the product, and in some specific cases
> the generated (and open) source code of build scripts.
> Binary distributions and binary/jar dependencies MUST be separate packages
> that are not voted on by the PMC during the release vote, because they are
> not part of our product and are not released by the ASF.  No PMC has been
> granted the authority to publish binary releases on behalf of the ASF.
> It would be contrary to the mission of the foundation.  They may distribute
> binary build packages of existing source releases, but these are not ASF
> releases -- they are just builds provided by the project for user convenience.

ManifoldCF does not distribute binary build packages that do not have
a separately-published source release somewhere, and never did.

> Likewise for jar files of dependencies -- they are NOT our product and they
> MUST NOT be present in the source code package that is voted on for release.

If this is the case, you basically imply that binary distributions of
other released open source packages cannot be checked into SVN as part
of a project.  Is this what you are claiming?  If so, I suggest you
audit all Apache projects because in my estimation well over 50% of
then do not adhere to this rule.

> If podlings get this wrong, fix them.  If TLPs get this wrong, fix them.
> No project should ever leave incubator before this is drilled into their
> collective skull: The ASF produces open source software!
> If any ASF member is aware of an Apache release package that is not 100%
> open source code, you are hereby instructed to DELETE it from our servers.
> Nobody, not even me, has the right to place a compiled class in one of
> our packages and call that a source release.

I am aware of no Apache release that is not 100% open source software,
but I am aware of many that include binary distributions of other open
source released works.  Can you please clarify if such projects should
be deleted immediately?  I really have to ask for clarification on
this issue because this is entirely at odds with what I'd read and
been told in some 2+ years being involved with ASF projects.

> Is that clear?

No, please clarify.


> ....Roy
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message