incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <orc...@apache.org>
Subject RE: [VOTE] Apache OpenOffice Community Graduation Vote
Date Tue, 21 Aug 2012 01:50:24 GMT
I do not dispute the existence of other reliable creators of binary distributions.  The *nix
packagings and installation in consumer desktops are notable for the value that they provide.
 

I think that experience teaches us that there absolutely needs to be a way to obtain and install
*authentic* binary distributions made using the release sources with a proper set of options
for a given platform.

It is near impossible to provide end-user support and bug confirmation without agreement on
the authentic bindist that is being use and that it is a bindist made from known sources.

And there are enough fraudulent distributions out there that this is critical as a way to
safeguard users.

For that reason alone, there needs to be an authenticated bindist, especially for Windows,
the 80% that garners the focused attention of miscreants and opportunists.  

That is also the reason for wanting signed binaries that pass verification on Windows and
OS X.  There needs to be a way for everyday users to receive every assurance that they are
installing an authentic bindist and that it is verifiable who the origin is.  I suspect that
reliable packagers of unique distributions (including any from IBM) will provide their own
verifiable authenticity.

 - Dennis

-----Original Message-----
From: drew [mailto:drew@baseanswers.com] 
Sent: Monday, August 20, 2012 18:00
To: general@incubator.apache.org
Subject: Re: [VOTE] Apache OpenOffice Community Graduation Vote

On Mon, 2012-08-20 at 17:01 -0700, Marvin Humphrey wrote:
> On Mon, Aug 20, 2012 at 3:03 PM, drew <drew@baseanswers.com> wrote:
> > Well, for myself, I don't have a problem with the AOO project not having
> > official binary releases - in such a circumstance I would strongly
> > prefer no binary release at all.
> 
> I wonder who might step into the breach to provide binaries for such a
> package...

Hi,

Well, for a start:

IBM stated it will release a free binary version at some point, after
shutting down the Symphony product.

CS2C, a Chinese firm working in cooperation with Ernest and Young IIRC,
releases a binary based on the source code - in fact I'm not even sure
AOO supplied binaries are available to most folks in China.

Multiracio releases a closed source version of the application for sale
in Europe and the US.

In the past quite a few Linux distributors included binary releases in
their offerings, they consume source not binaries.

The current BSD, OS/2 and Solaris ports will go out as source only from
AOO, but come to end users from a third party repository, unless I
totally missed what was happening there (and I might off ;)

There are currently two groups which offer binary versions packaged to
run off USB drives, as far as I understand it, they work from source and
don't require binaries.

Finally this is a well known brand now, it would be hard to believe that
if AOO did not release binaries the void would not be filled by others.

//drew

ps - sorry if this double posts... 

> 
> > On the other hand if there is a binary release from the AOO project then
> > I believe it should be treated as a fully endorsed action.
> 
> At the ASF, the source release is canonical.  I have never seen anyone assert
> that the source release is not offical and endorsed by the ASF.
> 
> There has been disagreement about whether binaries should be official or not.
> To the best of my knowledge, every time the matter has come up, the debate has
> been resolved with a compromise: that while binary releases are not endorsed
> by the ASF, they may be provided in addition to the source release for the
> "convenience" of users.
> 
> What is different with AOO is that the compromise does not seem to satisfy
> an element within the PPMC and thus the matter is being forced.
> 
> It would be a lot of hard, time-consuming work for the ASF to build the
> institutions necessary to provide binary releases that approach the standards
> our source releases set.  (As illustrated by e.g. the challenges of setting up
> the code signing service.)  Not all of us are convinced that it is for the
> best, either.
> 
> Marvin Humphrey
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message