I am thinking to stop releasing the tarballs without the security code. They do not really add anything, the secure tarballs work perfectly OK without security. The secure builds just have some source and class files.
I would also get rid of the non-secure build completely and just have one way to build HBase. Any objections? Are there any other reasons to build both a secure and non-secure tarball? Export restrictions, or anything? I think that would also make it trivial to release the secure bits to maven (but maven is black magic to me, so I do not know for sure). -- Lars
