incubator-general mailing list archives

From Jukka Zitting
Subject Binary dependencies in source releases (Was: [VOTE] Release ManifoldCF 0.5-incubating, RC0)
Date Tue, 27 Mar 2012 10:57:56 GMT

[dropped infra@, I believe most interested people are already on general@]

Let's decouple this thread from the specific issue of the ManifoldCF
release. There's a long tradition of Apache releases like the ones
ManifoldCF is producing, so turning this suddenly into a blocker is
IMHO bad business, especially since no legal issues are involved (this
is about Apache policy). If we do come to the consensus that releases
like this are contrary to Apache policy, then affected projects should
be given a reasonable amount of time to adapt.

Also, let's make a clear distinction between "binary distributions"
(i.e. the packages that result from building one of our source
releases) and "binary dependencies" (i.e. binary distributions of
upstream projects). AFAICT there's clear consensus that binary
distributions are *not* official Apache releases, and we've been
pretty consistent about that so far. However, the word on binary
dependencies is much less clear. There's explicit Apache policy
(category B, etc.) that talks about binary dependencies and plenty of
Apache releases contain them. This is clearly not an area where we
have consensus.

On Tue, Mar 27, 2012 at 11:50 AM, Roy T. Fielding wrote:
> Likewise for jar files of dependencies -- they are NOT our product and they
> MUST NOT be present in the source code package that is voted on for release.

Citation needed. Note that the "source materials" reference you
mentioned earlier is vague. It covers stuff like configure scripts in
httpd releases, test files, and indeed (as far as it so far has been
interpreted) binary dependencies of upstream open source projects. I'm
fine if this point needs to be clarified and some current practice
terminated, but let's follow standard process to do so.

> If any ASF member is aware of an Apache release package that is not 100%
> open source code, you are hereby instructed to DELETE it from our servers.

What hat are you holding here? Which packages explicitly are you referring to?


Jukka Zitting
