www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LEGAL-323) Clarify if binary artifacts are part of a release
Date Wed, 02 Aug 2017 04:28:01 GMT

    [ https://issues.apache.org/jira/browse/LEGAL-323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16110282#comment-16110282

Christopher Tubbs commented on LEGAL-323:

I think there's two issues being asked about here, and I think it's important to separate
them out for clarity:

# The definition of "official release", and
# ASF distribution policies on its infrastructure

For the first item, what we're really talking about is a "Release", which has a specific "official"
definition (a source artifact approved for public distribution by a PMC through a majority
vote). Other items, such as "convenience binaries" can be "released" (in the colloquial sense
of "to make available", not the "official" sense) alongside the "Release", but that doesn't
make them an official "Release".

For the second item, it's important to realize that some ASF policies apply to the "Release",
but others apply more broadly. The distribution policy described in https://www.apache.org/legal/resolved.html#prohibited
, for example, applies to both "Releases" *and* "convenience binaries". Just because an artifact
is not an "official release" doesn't mean there isn't ASF policy that applies. And some policies
we think of as applying to "official releases", such as the NOTICE files and Cat-X dependency
and redistribution restrictions, actually apply to more than that.

So, to answer the original post, "Clarify if binary artifacts are part of a release", the
answer is: they might be part of your project's release process/workflow/conventions, and
released (colloquial) by your project, but they are not considered a "Release" for the purposes
of certain ASF policies. But, they may still be covered by other ASF policies applying to
things other than a "Release". When your project includes convenience binaries in your release
vote, what you're really doing is concurrently voting to approve the "official release" as
well as voting to release (colloquial) the convenience binaries. The decision to do this concurrently
may not have been made explicitly, but it's a common thing to do, and is probably a good idea,
but is up to each project to decide.

This is just my unofficial perspective (but I think I'm right). I hope this perspective helps
the original poster.

Aside/mini-rant: Personally, I wish ASF would just ban all convenience binaries. It complicates
policy, confuses people, and competes with downstream packagers unnecessarily. I'd rather
see more ASF committers also get involved in downstream packaging of their projects, and build
stronger collaborations with downstream open source communities like Linux and BSD (and Homebrew
and Docker, etc.). I know certain Linux distros could really use the extra help from upstream
project experts, and upstream projects can benefit from the community growth and more well-defined
support lifecycles from downstream.

> Clarify if binary artifacts are part of a release
> -------------------------------------------------
>                 Key: LEGAL-323
>                 URL: https://issues.apache.org/jira/browse/LEGAL-323
>             Project: Legal Discuss
>          Issue Type: Question
>            Reporter: Andrew Wang
>            Assignee: Chris A. Mattmann
> Hi,
> Reading the release policy and particularly http://www.apache.org/legal/release-policy.html#compiled-packages
I'm still confused as to whether binary artifacts are considered part of a release.
> {quote}
> The Apache Software Foundation produces open source software. All releases are in the
form of the source materials needed to make changes to the software being released.
> As a convenience to users that might not have the appropriate tools to build a compiled
version of the source, binary/bytecode packages MAY be distributed alongside official Apache
> {quote}
> This seems to imply that only the source is the official release. Binary artifacts are
not part of the release, and are just distributed on the side.
> Reading the rest of this page though, it's pretty clear that binary artifacts still need
to adhere to the requirements for release artifacts, e.g. licensing and distribution location.
> What does this mean in practical terms? If we build a tarball with jars and native libraries
in it, is it part of our official release? What about jars uploaded to Maven Central? When
the PMC votes on a release, are we voting on just the source tarball, or also these additional
binary artifacts?
> Thanks,
> Andrew

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message