Actually one more question - so we can release binaries, but we can't call them
official? Do we have wording for this? "Official source code release with
accompanying binaries for convenience" or some such?
> From: geobmx...@hotmail.com
> To: general@incubator.apache.org
> Subject: RE: [VOTE] Apache OpenOffice Community Graduation Vote
> Date: Mon, 20 Aug 2012 20:11:23 -0700
>
> Simple enough - thanks.
> > Date: Mon, 20 Aug 2012 23:05:00 -0400
> > Subject: Re: [VOTE] Apache OpenOffice Community Graduation Vote
> > From: gst...@gmail.com
> > To: general@incubator.apache.org
> >
> > On Mon, Aug 20, 2012 at 10:55 PM, Prescott Nasser <geobmx...@hotmail.com>
> > wrote:
> > > I'm sorry, I'm playing catch-up and I'm a bit unclear on the argument -
> > > Marvin said: "If the podling believes that ASF-endorsed binaries are a
> > > hard requirement,
> > > then it seems to me that the ASF is not yet ready for AOO and will not be
> > > until suitable infrastructure and legal institutions to support binary
> > > releases (sterile build machines, artifact signing, etc) have been created
> > > and a policy has been endorsed by the Board." Is AOO not able to
> > > determine that for them a binary is a hard requirement for their releases
> > > (along with source code)? I would think that ASF puts a minimum
> > > requirement on what an official release is, not a limit. Why is there a
> > > requirement for special infrastructure? (perhaps that is due to the size
> > > of AOO?) Speaking just from the Lucene.Net perspective, I would consider
> > > our binaries (and nuget packages) as official - even if ASF does not
> > > specifically allow for "official releases or officially endorsed
> > > binaries" - what else would they be? They were built and put up by the
> > > same guys releasing the source code.
> >
> > The simplest response is that source releases can be audited by (P)PMC
> > members. Binary releases cannot. If they cannot be audited, then how
> > can the ASF stand behind those releases? How can they state that the
> > releases are free of viruses/trojans/etc, and that the binary
> > precisely matches the compiled/built output of the audited source
> > release?
> >
> > That is the first and hardest issue about having the ASF provide
> > authenticated binaries.
> >
> > Cheers,
> > -g
> >
> >
>