www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@gbiv.com>
Subject Re: What constitutes a source release?
Date Wed, 01 May 2013 09:36:06 GMT
On Apr 30, 2013, at 11:39 PM, Henri Yandell wrote:

> Taking a stab at the clear policy, I'd propose adding this to resolved.html:
> 
> "Source distributions must not contain binaries <quiet>(but let's not discuss binaries
that are not enforced like http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/icons/)</quiet>.
It's fine to have the user run a script to download binaries after they have downloaded the
source <quiet>(such as download-binaries-from-svn-tag.sh, or perhaps when first running
the application)</quiet>. " 
> 
> Either it's not clear to me, or the current policy is really just a vision towards a
policy.
> 
> Hen

FWIW, I meant the binary object forms of compiled source code.
That is what "binaries" means to me.

If you think binaries means "anything other than text formats",
then we are mis-communicating.  I don't know why you would think
that, given character encodings for text are just another
form of binary encoding, but it might be an age thing.

Apache releases also contain generated scripts (where
the source for those generated scripts is also included) and
assorted other things that don't pose a security risk to
recipients.  The policies are: (1) we only release open source
that can be distributed under the terms of the Apache License,
and the PMC release votes are based on individually (2) inspecting
the source package to ensure that it can be used to build the
Apache product and corresponds to some version of the source
that the PMC is maintaining in our version control system(s)
and (3) verifying that the contents are believed to be safe/legal
for us to distribute.

....Roy
Mime
View raw message