On Thu, May 10, 2018 at 3:31 AM, Huxing Zhang <hux...@apache.org> wrote:
> Hi, > > On Thu, May 10, 2018 at 3:59 PM, Willem Jiang <willem.ji...@gmail.com> > wrote: > > Is there any plan for going through the vote process of Binary file? > > Yes, binaries will also go through the vote process. No. It makes no sense. There is NO WAY to verify a binary. Even compiling from source to binary on your machine, and trying to compare against a target binary will generally fail since timestamps are embedded. Or maybe there are different compilers being used. The Foundation *never* votes on binaries, because the Foundation DOES NOT RELEASE BINARIES. The Foundation only votes/authorizes/releases source code. REPEAT: only source code. Only source. Which is verifiable. Which has provenance. Regards, -g (Member, skipping my Infra hat)
