Return-Path: <legal-discuss-return-12004-archive-asf-public=cust-asf.ponee.io@apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id D3659200B12
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Sun, 12 Jun 2016 09:59:47 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id D2215160A2C; Sun, 12 Jun 2016 07:59:47 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 01B47160A06
	for <archive-asf-public@cust-asf.ponee.io>; Sun, 12 Jun 2016 09:59:46 +0200 (CEST)
Received: (qmail 73401 invoked by uid 500); 12 Jun 2016 07:59:46 -0000
Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:legal-discuss-help@apache.org>
List-Unsubscribe: <mailto:legal-discuss-unsubscribe@apache.org>
List-Post: <mailto:legal-discuss@apache.org>
Reply-To: legal-discuss@apache.org
List-Id: <legal-discuss.apache.org>
Delivered-To: mailing list legal-discuss@apache.org
Received: (qmail 73391 invoked by uid 99); 12 Jun 2016 07:59:45 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 12 Jun 2016 07:59:45 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 63F70C182C
	for <legal-discuss@apache.org>; Sun, 12 Jun 2016 07:59:45 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.28
X-Spam-Level: *
X-Spam-Status: No, score=1.28 tagged_above=-999 required=6.31
	tests=[HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=2,
	RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled
Received: from mx2-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024)
	with ESMTP id UME80NYJ5qov for <legal-discuss@apache.org>;
	Sun, 12 Jun 2016 07:59:42 +0000 (UTC)
Received: from mail-wm0-f49.google.com (mail-wm0-f49.google.com [74.125.82.49])
	by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with ESMTPS id 6A9815FAC5
	for <legal-discuss@apache.org>; Sun, 12 Jun 2016 07:59:42 +0000 (UTC)
Received: by mail-wm0-f49.google.com with SMTP id v199so40116365wmv.0
        for <legal-discuss@apache.org>; Sun, 12 Jun 2016 00:59:42 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:reply-to:subject:references:to:from:message-id
         :date:user-agent:mime-version:in-reply-to;
        bh=NFLz0kkgYZ2a8NJPo3lIuVuj6Cq48Q9+HVjoKQ5slUY=;
        b=WEvDq4DzWv7AqTrPAWV5A0nz/3bl7S5ns6+1JYYb2XHIdIIwD0DXn5jig2HhHVTjkt
         Cb15Bbp/BiqO9RJ618tAyGacJJGCxj1A0tDBApLXIdEHNRHxqiJe2tpDAOBuSKmG+28J
         pfBycd5G7kzrjC5pfRFPGcnMZgE1VwCtse82bC+p+1ec/lhkJYFauovlTOBDfGmFXuL3
         XIYYLMahqLPCIlJyoCaexFICSN7fhY1cdbSYJRizm0ez0pIn5WaRxwCSI1P7P4uyAjCR
         RVmLVzBEWJSD3MIQH1BB/pG4cwkNXcHtZmo5i6++XwWnpnVIFrGlw3d36qou8ggU/XpI
         yk0Q==
X-Gm-Message-State: ALyK8tILcaX3fPnpV/9GpM/Q4KAsgwrZyeIARQyzDzCTXrAYynusW4BJiZWW9FJCROXnKw==
X-Received: by 10.195.17.166 with SMTP id gf6mr9122398wjd.124.1465718381363;
        Sun, 12 Jun 2016 00:59:41 -0700 (PDT)
Received: from ?IPv6:2a00:1028:838e:2c66:4838:ebe9:555a:b00a? (dynamic-2a00-1028-838e-2c66-4838-ebe9-555a-b00a.ipv6.broadband.iol.cz. [2a00:1028:838e:2c66:4838:ebe9:555a:b00a])
        by smtp.googlemail.com with ESMTPSA id vv1sm21091672wjc.34.2016.06.12.00.59.39
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sun, 12 Jun 2016 00:59:40 -0700 (PDT)
Reply-To: sharan@apache.org
Subject: Re: Request for clarification of Release Policy regarding external
 jar files
References: <575AB39E.5090800@apache.org>
 <CAAS6=7gVXGHqeKVeFV_r1849Qpi0+Ca0jc2QWQBQfRdZnCwVpA@mail.gmail.com>
 <D3803670.6E528%aharui@adobe.com>
To: Alex Harui <aharui@adobe.com>,
 "legal-discuss@apache.org" <legal-discuss@apache.org>
From: Sharan F <sharan@apache.org>
Message-ID: <575D1665.6020400@apache.org>
Date: Sun, 12 Jun 2016 09:59:33 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <D3803670.6E528%aharui@adobe.com>
Content-Type: multipart/alternative;
 boundary="------------070404010602030503040206"
archived-at: Sun, 12 Jun 2016 07:59:48 -0000

--------------070404010602030503040206
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

Hi Alex

I'll give you some context as to why I asked the question.

We recently kicked off what we hope to be a large effort to tidy up and 
significantly re-factor our trunk. As as part of that work we wanted to 
explore better ways to handle any external dependencies so before we got 
any further into our discussions, we wanted to check that we had the 
correct understanding of the options available.

Thanks
Sharan



On 10/06/16 18:23, Alex Harui wrote:
>
> On 6/10/16, 7:04 AM, "Marvin Humphrey" <marvin@rectangular.com> wrote:
>
>>> "source releases" do not contain binaries
>> Yes.
> Where binaries == compiled source.  AIUI, you can have other "binaries"
> like images and fonts in the source package.  IIRC, bundling compressed
> sources is discouraged as well.
>
>>> projects may also publish "binary releases"
>> This is not accurate.  Third parties (most often the release manager) may
>> provide compiled packages.  The colloquialism typically used to refer to
>> these
>> packages is "convenience binaries".
>>
>> The Foundation does not endorse binary packages because such packages are
>> opaque and cannot be audited by a PMC.
> All true, but AIUI, if the 3rd party is a release manager, the RM is
> allowed to distribute those binary packages from Apache servers.
>
> I'm curious as to what scenario Sharan is dealing with.
>
> -Alex
>


--------------070404010602030503040206
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <meta http-equiv="content-type" content="text/html; charset=utf-8">
    <p style="margin-bottom: 0cm; line-height: 100%">Hi Alex<br>
    </p>
    <p style="margin-bottom: 0cm; line-height: 100%">I'll give you some
      context
      as to why I asked the question.<br>
    </p>
    <p style="margin-bottom: 0cm; line-height: 100%">We recently kicked
      off what we hope to be a large effort to tidy up and significantly
      re-factor our trunk. As as part of that work we wanted to explore
      better
      ways to handle any external dependencies so before we got any
      further into our discussions, we wanted to check that we had the
      correct understanding of the options available.<br>
    </p>
    <p style="margin-bottom: 0cm; line-height: 100%">Thanks<br>
      Sharan</p>
    <title></title>
    <meta name="generator" content="LibreOffice 4.2.8.2 (Linux)">
    <style type="text/css">
	<!--
		@page { margin: 2cm }
		p { margin-bottom: 0.25cm; line-height: 120% }
	-->
	</style><br>
    <br>
    <div class="moz-cite-prefix">On 10/06/16 18:23, Alex Harui wrote:<br>
    </div>
    <blockquote cite="mid:D3803670.6E528%25aharui@adobe.com" type="cite">
      <pre wrap="">

On 6/10/16, 7:04 AM, "Marvin Humphrey" <a class="moz-txt-link-rfc2396E" href="mailto:marvin@rectangular.com">&lt;marvin@rectangular.com&gt;</a> wrote:

</pre>
      <blockquote type="cite">
        <pre wrap="">
</pre>
        <blockquote type="cite">
          <pre wrap="">"source releases" do not contain binaries
</pre>
        </blockquote>
        <pre wrap="">
Yes.
</pre>
      </blockquote>
      <pre wrap="">
Where binaries == compiled source.  AIUI, you can have other "binaries"
like images and fonts in the source package.  IIRC, bundling compressed
sources is discouraged as well.

</pre>
      <blockquote type="cite">
        <pre wrap="">
</pre>
        <blockquote type="cite">
          <pre wrap="">projects may also publish "binary releases"
</pre>
        </blockquote>
        <pre wrap="">
This is not accurate.  Third parties (most often the release manager) may
provide compiled packages.  The colloquialism typically used to refer to
these
packages is "convenience binaries".

The Foundation does not endorse binary packages because such packages are
opaque and cannot be audited by a PMC.
</pre>
      </blockquote>
      <pre wrap="">
All true, but AIUI, if the 3rd party is a release manager, the RM is
allowed to distribute those binary packages from Apache servers.

I'm curious as to what scenario Sharan is dealing with.

-Alex

</pre>
    </blockquote>
    <br>
  </body>
</html>

--------------070404010602030503040206--