On Tue, May 12, 2009 at 10:34 PM, Roy T. Fielding <field...@gbiv.com> wrote: > On May 12, 2009, at 12:40 AM, Bertrand Delacretaz wrote: > >> On Mon, May 11, 2009 at 10:29 PM, Roy T. Fielding <field...@gbiv.com> >> wrote: >>> >>> On May 11, 2009, at 12:03 PM, Felix Meschberger wrote: >>> >>>> Carsten and I have been reasoning about the releases in the future, >>>> mainly the ones for end-users who just want to grab a binary and fire it >>>> off.... >> >>> Apache only releases source code packages. Those other things you build >>> are not releases -- they are binaries that individuals build and upload. >> >> How about naming those things "binary packages" instead of "releases"? > > A rose is still a rose ... > >> We can still use the same process for releasing them, and include a >> disclaimer that they're not official releases and provided without >> warranty etc.. > > I don't see how we can "use the same process for releasing them" when > part of that process requires comparison of the source code with what > is in subversion. An ASF release is a group decision based on peer > review, and I don't think anyone giving +1s on the binaries are > actually doing JVM decompiles and source-level comparisons to verify > the contents don't include some extra trojan horse. Running the tests > is not sufficient. > > That's why the ASF does not vote on binaries. I'd rather not make it > look like we are.
Ok, I see your point. I suggest that we clarify how we do that next time we have a concrete case. -Bertrand