From general-return-35097-apmail-incubator-general-archive=incubator.apache.org@incubator.apache.org Tue Mar 27 10:58:44 2012 Return-Path: X-Original-To: apmail-incubator-general-archive@www.apache.org Delivered-To: apmail-incubator-general-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A63F79EB6 for ; Tue, 27 Mar 2012 10:58:44 +0000 (UTC) Received: (qmail 87175 invoked by uid 500); 27 Mar 2012 10:58:43 -0000 Delivered-To: apmail-incubator-general-archive@incubator.apache.org Received: (qmail 86936 invoked by uid 500); 27 Mar 2012 10:58:43 -0000 Mailing-List: contact general-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: general@incubator.apache.org Delivered-To: mailing list general@incubator.apache.org Received: (qmail 86927 invoked by uid 99); 27 Mar 2012 10:58:43 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Mar 2012 10:58:43 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jukka.zitting@gmail.com designates 209.85.212.171 as permitted sender) Received: from [209.85.212.171] (HELO mail-wi0-f171.google.com) (209.85.212.171) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Mar 2012 10:58:38 +0000 Received: by wibhj13 with SMTP id hj13so4006555wib.0 for ; Tue, 27 Mar 2012 03:58:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=AFMcxx1tmXFgMeSwI/YGFam0ylAkC3yFFR76cmrUr+E=; b=hQWlOP6HSuFnF02WHYbv5GqDXeN/qW1qEoC5bfA8+rxZn/QZLm82K1xQ5xh/B8wfsv 82ajkMAEUrOwan3fcq8aWo3xW6H+p7D40db2UG5Le28cN8pf926VHPTmF5E8TURdAYO6 2gjXDFTbBKzLC6kRWCH30JGXt87Bz6A+siahpG9v51Sa3TNPaqnk9C7+zSw9QOjIU6HJ ngt1ZFtwL919NJLiKAs0i5i8vUrgIXLEeCBt48sCWHFiHTNOgWpsPfvSZ95DVmYtbxFd ifU1V98hfQu+21mHAZKa1CnyXO0Z55JN+jQHkSrgkAzvKIFp5FjPLI8a2ny/fp285cYu YLTw== Received: by 10.216.70.195 with SMTP id p45mr1467383wed.5.1332845896871; Tue, 27 Mar 2012 03:58:16 -0700 (PDT) MIME-Version: 1.0 Received: by 10.180.84.199 with HTTP; Tue, 27 Mar 2012 03:57:56 -0700 (PDT) From: Jukka Zitting Date: Tue, 27 Mar 2012 12:57:56 +0200 Message-ID: Subject: Binary dependencies in source releases (Was: [VOTE] Release ManifoldCF 0.5-incubating, RC0) To: general@incubator.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org Hi, [dropped infra@, I believe most interested people are already on general@] Let's decouple this thread from the specific issue of the ManifoldCF release. There's a long tradition of Apache releases like the ones ManifoldCF is producing, so turning this suddenly into a blocker is IMHO bad business, especially since no legal issues are involved (this is about Apache policy). If we do come to the consensus that releases like this are contrary to Apache policy, then affected projects should be given a reasonable amount of time to adapt. Also, let's make a clear distinction between "binary distributions" (i.e. the packages that result from building one of our source releases) and "binary dependencies" (i.e. binary distributions of upstream projects). AFAICT there's clear consensus that binary distributions are *not* official Apache releases, and we've been pretty consistent about that so far. However, the word on binary dependencies is much less clear. There's explicit Apache policy (category B, etc.) that talks about binary dependencies and plenty of Apache releases contain them. This is clearly not an area where we have consensus. On Tue, Mar 27, 2012 at 11:50 AM, Roy T. Fielding wrote: > Likewise for jar files of dependencies -- they are NOT our product and they > MUST NOT be present in the source code package that is voted on for release. Citation needed. Note that the "source materials" reference you mentioned earlier is vague. It covers stuff like configure scripts in httpd releases, test files, and indeed (as far as it so far has been interpreted) binary dependencies of upstream open source projects. I'm fine if this point needs to be clarified and some current practice terminated, but let's follow standard process to do so. > If any ASF member is aware of an Apache release package that is not 100% > open source code, you are hereby instructed to DELETE it from our servers. What hat are you holding here? Which packages explicitly are you referring to? BR, Jukka Zitting --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org For additional commands, e-mail: general-help@incubator.apache.org