www-legal-discuss mailing list archives

From j..@apache.org
Subject svn commit: r1717313 - /infrastructure/site/trunk/content/legal/release-policy.mdtext
Date Mon, 30 Nov 2015 19:53:49 GMT
Author: jim
Date: Mon Nov 30 19:53:49 2015
New Revision: 1717313

URL: http://svn.apache.org/viewvc?rev=1717313&view=rev
Update w/ terms


Modified: infrastructure/site/trunk/content/legal/release-policy.mdtext
URL: http://svn.apache.org/viewvc/infrastructure/site/trunk/content/legal/release-policy.mdtext?rev=1717313&r1=1717312&r2=1717313&view=diff
--- infrastructure/site/trunk/content/legal/release-policy.mdtext (original)
+++ infrastructure/site/trunk/content/legal/release-policy.mdtext Mon Nov 30 19:53:49 2015
@@ -27,7 +27,159 @@ and the [design goals of this policy](mi
-# Release Questions # {#releases}
+# Release Policy # {#policy}
+## Definition of "release" ## {#release-definition}
+Generically, a release is anything that is published beyond the group
+that owns it.  For an Apache project, that means any publication outside the
+development community, defined as individuals actively participating in
+development or following the dev list.
+More narrowly, an official Apache release is one which has been endorsed as an
+"act of the Foundation" by a PMC.
+## Release approval ## {#release-approval}
+Each PMC MUST obey the ASF requirements on approving any release.
+For a release vote to pass, a minimum of three positive votes and more
+positive than negative votes MUST be cast.  Releases may not be vetoed.
+Votes cast by PMC members are binding.
+Before casting +1 binding votes, individuals are REQUIRED to download all
+signed source code packages onto their own hardware, verify that they meet all
+requirements of ASF policy on releases as described below, validate all
+cryptographic signatures, compile as provided, and test the result on their
+own platform.
+Release votes SHOULD remain open for at least 72 hours.
+## Publication ## {#publication}
+Projects SHALL publish official releases and SHALL NOT publish unreleased
+materials outside the development community.
+During the process of developing software and preparing a release, various
+packages are made available to the development community for testing
+purposes. **Projects MUST direct outsiders towards official releases rather
+than raw source repositories, nightly builds, snapshots, release
+candidates, or any other similar packages.** The only people who are
+supposed to know about such developer resources are individuals actively
+participating in development or following the dev list and thus aware of the
+conditions placed on unreleased materials.
+## Artifacts ## {#artifacts}
+### Source packages ### {#source-packages}
+Every ASF release MUST contain one or more source packages, which MUST be
+sufficient for a user to build and test the release provided they have
+access to the appropriate platform and tools.
+### Release signing ### {#release-signing}
+All supplied packages MUST be cryptographically signed by the Release
+Manager with a detached signature.  Folks who vote +1
+for release MAY offer their own cryptographic signature to be concatenated
+with the detached signature file (at the Release Manager's discretion)
+prior to release.
+### Compiled packages ### {#compiled-packages}
+The Apache Software Foundation produces open source software. All releases
+are in the form of the source materials needed to make changes to the
+software being released.
+As a convenience to users that might not have the appropriate tools to build a
+compiled version of the source, binary/bytecode packages MAY be distributed
+alongside official Apache releases.  In all such cases, the
+binary/bytecode package MUST have the same version number as the source
+release and MUST only add binary/bytecode files that are the result of
+compiling that version of the source code release and its dependencies.
+## Licensing ## {#licensing}
+Every ASF release MUST comply with ASF licensing policy. This
+requirement is of utmost importance and an audit SHOULD be performed before
+any full release is created.  In particular, every artifact distributed MUST
+contain only appropriately licensed code per [Apache Licensing
+## Licensing Documentation ## {#licensing-documentation}
+Each package MUST provide a `LICENSE` file and a `NOTICE` file which account
+for the package's exact content.  `LICENSE` and `NOTICE` MUST NOT provide
+unnecessary information about materials which are not bundled in the package,
+such as separately downloaded dependencies.
+For source packages, `LICENSE` and `NOTICE` MUST be located at the root of the
+distribution.  For additional packages, they MUST be located in the
+distribution format's customary location for licensing materials, such as the
+`META-INF` directory of Java "jar" files.
+### The `LICENSE` file ### {#license-file}
+The `LICENSE` file MUST contain the full text of the [Apache License
+When a package bundles code under several licenses, the `LICENSE` file
+MUST contain details of all these licenses. For each component which is not
+Apache licensed, details of the component MUST be appended to the `LICENSE`
+file.  The component license itself MUST either be appended or else stored
+elsewhere in the package with a pointer to it from the `LICENSE` file, e.g.
+if the license is long.
+### The `NOTICE` file ### {#notice-file}
+The `NOTICE` file must conform to the requirements of [Apache licensing
+See also [section 4(d)](licenses/LICENSE-2.0.html#redistribution) of the
+Apache License 2.0.
+### License Headers ### {#license-headers}
+Source files consisting of works submitted directly to the ASF by the
+copyright owner or owner's agent must contain the appropriate [ASF license
+## Release Distribution ## {#release-distribution}
+Once a release is approved, all artifacts MUST be uploaded to the project's
+subdirectory within the canonical Apache distribution channel,
+The PMC is responsible for the project distribution directory and MUST be able
+to account for its entire contents.  All release artifacts within the
+directory MUST be signed by a committer, preferably a PMC member.
+After uploading to the canonical distribution channel, the project (or anyone
+else) MAY redistribute the artifacts in accordance with their licensing
+through other channels.
+### Release Archival ## {#release-archival}
+All official releases MUST be archived permanently on archive.apache.org.
+(Uploading to the canonical distribution channel satisfies this requirement
+because archival happens automatically as a side effect.)
+## Release Policy Administration ## {#administration}
+Projects MUST notify the Board of Directors of any deviations from recommended
+or required policy directives.
+Changes to Release Policy must be approved by Legal Affairs.
+## TODO
+Formalize additional official policies and reference them from this policy:
+*   _ASF Licensing Policy_ (curated by Legal Affairs, applies to both released
+    and unreleased code)
+# Release FAQ # {#releases}
 ## Why Do We Need a Foundation-Wide Policy? ## {#why}
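
Review bot: The signer requirement is stated two different ways in this hunk: "Release signing" says all supplied packages MUST be signed by the Release Manager, while "Release Distribution" says artifacts in the distribution directory MUST be signed by "a committer, preferably a PMC member". Suggest using one wording, or stating how the two relate, so that a voter validating signatures knows whose key to expect. In "Release approval", the "minimum of three positive votes" is not tied to the following sentence that makes PMC votes binding; if the three are meant to be binding votes, say so in that sentence. As the added text appears here, the links opened at "[Apache Licensing", "[Apache License", "[Apache licensing" and "[ASF license" are never closed, and the sentence ending "canonical Apache distribution channel," has no continuation, so the licensing references and the distribution location are missing from the rendered policy. Smaller points: "### Release Archival ##" closes with two hashes instead of three, "## TODO" has no closing hashes or anchor unlike the other headings, and the lowercase "must" under "The `NOTICE` file", "License Headers" and "Release Policy Administration" reads as weaker than the capitalised MUST used elsewhere.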
