On Mon, Mar 29, 2021 at 3:45 PM Justin Mclean <jmcl...@apache.org> wrote:

>
> It's good to see you are taking action, but I think the situation is a
> little more serious than you may realise, I suggest you look at what
> actions the board has taken in similar situations in the past. I'll update
> the board agenda item to reflect the current situation.
>
>
The thread linked earlier is worth reading for sure. Again,
https://lists.apache.org/thread.html/f8022be5a02c6f020aac635193e729a0f73376164cea7c38474c3dc0%401332948346%40%3Cgeneral.incubator.apache.org%3E

As an ASF member and a member of the Cassandra PMC, it's pretty clear what
Roy's position was in 2012.

My personal, emotional response is in line with what Rob Weir said in
2012:  "The issue should be lack of source code, not presence of binary
code."

If someone asked me what's included in a source release, without reading
ANY doc or policy, I'd expect there to be the complete, unabridged source
of the project, and enough context to build it. That's what Cassandra has
today. The extra binaries are just that - extra. They come with no burden.
They come with no obligation to use. They come with no penalty. The source
for which the PMC is responsible is published, and that feels far more
important to me than the absence of binary code that's trivial to remove.

Roy's response in the 2012 thread, though, is unambiguous: he strongly
believes, clearly with authority in 2012, that the presence of ANY binary
file violates the spirit of a source release. That feels quite extreme to
me, though this line is probably nuanced enough to inspire a book on trust:

"One cannot vote to approve a release containing a mix of source and binary
code because the binary is not open source and cannot be verified to be
safe for release (even if it was derived from open source)."

Based on this point, I personally won't vote to approve a future release
with binary packages, but I also strongly disagree with the assertion in
that same past thread that it's worth nuking a 10+ year history of releases.
That's the type of action that would severely diminish trust in the
foundation.

We SHOULD look at what's required to rebuild PAST releases. We should also
admit that people are human and be reasonable along the way. Community over
code and all that.
