www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris A. Mattmann (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LEGAL-323) Clarify if binary artifacts are part of a release
Date Tue, 01 Aug 2017 16:05:00 GMT

    [ https://issues.apache.org/jira/browse/LEGAL-323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16109157#comment-16109157
] 

Chris A. Mattmann commented on LEGAL-323:
-----------------------------------------

Hi,

The ASF releases source code that is our key product. Per the release policy you've quoted
some PMCs may choose to produce convenience binary artifacts. Inasmuch as these are not official
ASF products, they MAY be distributed alongside Apache releases. If a PMC chooses to do so,
I would strongly suggest that as much as possible those artifacts apply that same level of
merit e.g., LICENSES, NOTICE files distributed in them, etc.

To your other questions:

bq. What does this mean in practical terms? If we build a tarball with jars and native libraries
in it, is it part of our official release? 

No

bq. What about jars uploaded to Maven Central?

No
bq. When the PMC votes on a release, are we voting on just the source tarball, or also these
additional binary artifacts?

The PMC officially releases the source code. 


> Clarify if binary artifacts are part of a release
> -------------------------------------------------
>
>                 Key: LEGAL-323
>                 URL: https://issues.apache.org/jira/browse/LEGAL-323
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Andrew Wang
>
> Hi,
> Reading the release policy and particularly http://www.apache.org/legal/release-policy.html#compiled-packages
I'm still confused as to whether binary artifacts are considered part of a release.
> {quote}
> The Apache Software Foundation produces open source software. All releases are in the
form of the source materials needed to make changes to the software being released.
> As a convenience to users that might not have the appropriate tools to build a compiled
version of the source, binary/bytecode packages MAY be distributed alongside official Apache
releases.
> {quote}
> This seems to imply that only the source is the official release. Binary artifacts are
not part of the release, and are just distributed on the side.
> Reading the rest of this page though, it's pretty clear that binary artifacts still need
to adhere to the requirements for release artifacts, e.g. licensing and distribution location.
> What does this mean in practical terms? If we build a tarball with jars and native libraries
in it, is it part of our official release? What about jars uploaded to Maven Central? When
the PMC votes on a release, are we voting on just the source tarball, or also these additional
binary artifacts?
> Thanks,
> Andrew



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message