incubator-general mailing list archives

From Prescott Nasser <geobmx...@hotmail.com>
Subject RE: [VOTE] Apache OpenOffice Community Graduation Vote
Date Tue, 21 Aug 2012 03:13:45 GMT
Actually one more question - so we can release binaries, but we can't call them official? Do
we have wording for this?  "Official source code release with accompanying binaries for convenience"
or some such?
> From: geobmx540@hotmail.com
> To: general@incubator.apache.org
> Subject: RE: [VOTE] Apache OpenOffice Community Graduation Vote
> Date: Mon, 20 Aug 2012 20:11:23 -0700
> 
> Simple enough - thanks.
> > Date: Mon, 20 Aug 2012 23:05:00 -0400
> > Subject: Re: [VOTE] Apache OpenOffice Community Graduation Vote
> > From: gstein@gmail.com
> > To: general@incubator.apache.org
> > 
> > On Mon, Aug 20, 2012 at 10:55 PM, Prescott Nasser <geobmx540@hotmail.com> wrote:
> > > I'm sorry, I'm playing catch-up and I'm a bit unclear on the argument - Marvin
> > > said: "If the podling believes that ASF-endorsed binaries are a hard requirement,
> > > then it seems to me that the ASF is not yet ready for AOO and will not be
> > > until suitable infrastructure and legal institutions to support binary
> > > releases (sterile build machines, artifact signing, etc) have been created
> > > and a policy has been endorsed by the Board." Is AOO not able to determine
> > > that for them a binary is a hard requirement for their releases (along with source code)?
> > > I would think that ASF puts a minimum requirement on what an official release is, not a limit.
> > > Why is there a requirement for special infrastructure? (perhaps that is due to the size of
> > > AOO?) Speaking just from the Lucene.Net perspective, I would consider our binaries (and nuget
> > > packages) as official - even if ASF does not specifically allow for "official releases or
> > > officially endorsed binaries" - what else would they be? They were built and put up by the
> > > same guys releasing the source code.
> > 
> > The simplest response is that source releases can be audited by (P)PMC
> > members. Binary releases cannot. If they cannot be audited, then how
> > can the ASF stand behind those releases? How can they state that the
> > releases are free of viruses/trojans/etc, and that the binary
> > precisely matches the compiled/built output of the audited source
> > release?
> > 
> > That is the first and hardest issue about having the ASF provide
> > authenticated binaries.
> > 
> > Cheers,
> > -g