Hi Sebb, https://community.apache.org/apache-way/apache-project-maturity-model.html
> On Mar 8, 2021, at 3:41 AM, sebb <[email protected]> wrote: > > What does "and/or" in RE30 really mean? > Is it intentional? > > --------- > RE30 > Releases are signed and/or distributed along with digests that can be > reliably used to validate the downloaded archives. > --------- > > Expanding the and/or, I read this two ways: > > 1) Releases are signed and distributed along with digests that can be > reliably used to validate the downloaded archives. > > 2) Releases are signed or distributed along with digests that can be > reliably used to validate the downloaded archives. > > Statement 1 seems clear to me. I agree. It could even be clearer that signatures and digests (SHA256 and/or SHA512) are both required. Maybe the type of digest was the origin of the and/or... > > Statement 2 appears to imply that releases don't have to be signed -- > if it means anything. I cannot parse this one either. Craig > > Sebb. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > Craig L Russell [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
