Branko Čibej wrote: > > Wait a minute. Are you implying that the "project" *should* release > binaries? Wouldn't such a requirement apply to, say, APR, to keep this > close to home?
s/should/may/ Greg pointed out I make win32 binaries and these are not mandated, I do so only because I trusted that typical win32 users wouldn't know a compiler if it bit them on the toe, and the httpd project/ASF lets me do this -for the project-. Yes, the release is a bunch of source code. The resulting binaries (or .jar file or whatever) is simply an artifact but is provided by the ASF, not I personally. My point is that we categorically do not host outside party binaries here (if you want, invite them to become committers). We need them bound by a CLA before an artifact they roll is posted on ASF infrastructure. > Certainly any volunteer with proper karma can build binaries from the > release tarballs, and if those binaries happen to pass muster wrt > ASF-mandated legalities, then from my understanding it should be OK to > host such binaries on ASF's infrastructure. But that's not the same as > the project releasing those binaries -- lack of digital sigs on them is > a dead giveaway. Howso? > How many APR and/or httpd commiters sign your Windows binary packages? Only one; my own gpg key, look at that chain of trust and you'll find at least 2 more httpd (apr) committers who have signed that key. I have never released any artifacts --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
