I'll cancel this vote and start a vote on a new RC shortly. There was a pretty serious bug that was found in this one anyway.
Is it best practice to have a separate source-only tar ball and not include the source in the binary tar ball? Or should it be included in both?

Thanks,
James

On Mon, Feb 24, 2014 at 10:11 AM, Andrew Purtell <apurt...@apache.org> wrote:

> Hi Sebb,
>
> On Sat, Feb 22, 2014 at 2:19 AM, sebb <seb...@gmail.com> wrote:
>
> > I've had a quick look at the (sole) archive, and it contains both
> > source and compiled jars.
> > Although it is OK to release convenience binaries, there must be a
> > source only release, as that is the ASF mission - to release open
> > source.
> >
>
> The "what must every release contain" doc says:
>
> Every ASF release *must* contain a source package, which must be sufficient
> for a user to build and test the release provided they have access to the
> appropriate platform and tools. The source package must be cryptographically
> signed <http://www.apache.org/dev/release-signing.html> by the Release
> Manager with a detached signature; and that package together with its
> signature must be tested prior to voting +1 for release.
>
>
> We can mentor the podling to produce a separate source only tarball, but
> this might be a point of confusion, because the candidate tarball here
> conforms to the above language, I have personally built and tested this
> release from the properly signed tarball. It is a source tarball also
> containing compiled binaries.
>
>
> --
> Best regards,
>
> - Andy
>
> Problems worthy of attack prove their worth by hitting back. - Piet Hein
> (via Tom White)