lucene-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <>
Subject Re: [VOTE] Release Apache Nutch 1.0
Date Thu, 19 Mar 2009 13:59:35 GMT

On Thu, Mar 19, 2009 at 2:15 PM, Sami Siren <> wrote:
> Jukka Zitting wrote:
>> -1 The release contains the Java Advanced Imaging libraries
>> (jai_core.jar and jai_codec.jar) which are licensed under Sun's Binary
>> Code License. We can't redistribute those libraries.
> ok, we need to address that somehow.

See for some suggestions.

>> * Why does the release package contain pre-built documentation and
>> binaries? Downloading the 90MB package takes much longer than checking
>> out and building the 40MB tag from svn.
>> IMHO it would be a service to users to make the release contain just the
>> svn export with instruction on how to build the rest.
> I see your point about the fat artifact but I am not totally convinced that
> users (as in end users) would prefer the idea of fetching the development
> tools and compiling the software before they use it, at least I am not doing
> that with the software I use.

Most end users are happy with just the binaries. But pure source
releases are really useful for example for people that maintain custom
modifications as patches against the official source releases (think
of Linux distributions with system-specific changes, companies with
proprietary extensions, etc.). I'm not sure if Nutch yet has such

> I will discuss this with rest of the devs and see what we can do here. One
> solution could be to split the release in two parts binary only and source

That would be nice. Note that even the users who just want the
binaries benefit from such a division as also their downloads will be

>> More notably: how am I to verify that the
>> release came from the sources in our svn when it contains stuff that
>> doesn't exist in the svn?
> May be that I don't understand what you're trying to say here but isn't that
> always the case with binary releases (the difficulty to verify that the
> binary is build from certain tag from svn)?

Exactly. That's why it's so important to have a source-only release
that preferably matches one-to-one to the contents of the respective
svn tag. That should be the official release package that the PMC
reviews and approves.

There is no reasonable way to accurately review binaries, so while we
may (and should) test that they work as expected, ultimately we just
need to trust the release manager when he or she says that the
binaries are the result of building the source release. Thus we should
treat binaries as secondary release artifacts that the release manager
is providing as a convenience for users.

PS. I know there's a long tradition of doing releases the way you
prepared Nutch 1.0, and I'm not claiming that it's necessarily the
wrong way of doing things. My -1 was due to the JAI libraries, not due
to the structure of the release. However, as described above, I
personally much prefer the clear distinction between source releases
and binaries.


Jukka Zitting

View raw message