www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <mar...@rectangular.com>
Subject Re: Release Policy clarification inititiative
Date Thu, 12 Jun 2014 18:34:13 GMT
Hi Benson,

Thanks for giving the draft a close read.

On Thu, Jun 12, 2014 at 3:30 AM, Benson Margulies <bimargulies@gmail.com> wrote:
> Content:
>
>   In all such cases, the
>   binary/bytecode package MUST have the same version number as the source
>   release and MUST only add binary/bytecode files that are the result of
>   compiling that version of the source code release.
>
> Appears to me to be much narrower than current policy. It appears to
> me to forbid all redistribution of binary dependencies, regardless of
> license. If you're not trying to change the current policy, doesn't
> this need some language explicitly permitting the bundling of
> compatible dependencies?

That ambiguity is present in the current policy.

The language of the draft is taken nearly verbatim from the existing
page[1][2][3].  The only differences are:

*   One "must" was uppercased to "MUST" .
*   One "may only" was changed to "MUST only", which I maintain has the same
    meaning.

Let's consider whether we can improve the wording.

Your understanding of the policy matches my own.  What would the alternative
be?

That all dependencies must be bundled as source code in the source
release?  If that were the case, we would have no "Category B" for
dependencies which may be bundled in object form but not source form[4].

That all dependencies not bundled with source must be obtained
independently via downloads from ourside our mirror system?  Surely that is
not how the policy has been interpreted and enforced for as far back as I
know.

That leaves only one possibility: compiled packages may bundle compatibly
licensed dependencies in object form.

Here's a patch which adds the words "and its dependencies":

    https://github.com/rectang/asfrelease/commit/421dbd5

The patch omits the adjective phrase "compatibly licensed" for the sake of
brevity and because including it implies that there might be some other kind
of dependency.

Marvin Humphrey

[1] http://www.apache.org/dev/release#what
[2] https://github.com/rectang/asfrelease/commit/308fa28
[3] https://github.com/rectang/asfrelease/commit/ca1f583
[4] http://www.apache.org/legal/resolved.html#category-b

Mime
View raw message