www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris A. Mattmann (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LEGAL-323) Clarify if binary artifacts are part of a release
Date Tue, 01 Aug 2017 22:24:00 GMT

    [ https://issues.apache.org/jira/browse/LEGAL-323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16109892#comment-16109892
] 

Chris A. Mattmann commented on LEGAL-323:
-----------------------------------------

Andrew:

I don't know how to make it clearer. The only requirements are surrounding the ASF's actual
products, which are source code releases. 

That said:
 1. The ASF infrastructure team manages our world-wide software distribution infrastructure.
The expectation, and reputation of the ASF is that our products and releases comport to the
Apache License requirements, and to those requirements imbued and codified as described on
this page: http://www.apache.org/legal/resolved.html. PMCs that use binary artifacts to circumvent
ASF legal policy as described on that page may find those artifacts to no longer be allowed
distribution on ASF infrastructure. (note, key word, "may") Is this something you or the PMC
would like to risk?

2. The ASF policies are no different from other corporate policies. I encourage you to read
up on their need here: http://www.businessdictionary.com/definition/corporate-policy.html

3. Downstream users of ASF software expect source code. It's part of our core mission. 


> Clarify if binary artifacts are part of a release
> -------------------------------------------------
>
>                 Key: LEGAL-323
>                 URL: https://issues.apache.org/jira/browse/LEGAL-323
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Andrew Wang
>            Assignee: Chris A. Mattmann
>
> Hi,
> Reading the release policy and particularly http://www.apache.org/legal/release-policy.html#compiled-packages
I'm still confused as to whether binary artifacts are considered part of a release.
> {quote}
> The Apache Software Foundation produces open source software. All releases are in the
form of the source materials needed to make changes to the software being released.
> As a convenience to users that might not have the appropriate tools to build a compiled
version of the source, binary/bytecode packages MAY be distributed alongside official Apache
releases.
> {quote}
> This seems to imply that only the source is the official release. Binary artifacts are
not part of the release, and are just distributed on the side.
> Reading the rest of this page though, it's pretty clear that binary artifacts still need
to adhere to the requirements for release artifacts, e.g. licensing and distribution location.
> What does this mean in practical terms? If we build a tarball with jars and native libraries
in it, is it part of our official release? What about jars uploaded to Maven Central? When
the PMC votes on a release, are we voting on just the source tarball, or also these additional
binary artifacts?
> Thanks,
> Andrew



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org


Mime
View raw message