Julian Foad wrote on Wed, Jan 08, 2020 at 11:53:53 +0000: > Brane wrote: > > [...] "no binary packages" policy [...] > > There is not a "no binary packages" policy; I addressed this with a footnote > in my original email. Specifically, ASF policy says a project MAY > distribute binaries: > > http://www.apache.org/legal/release-policy.html#compiled-packages
My understanding is that binaries are allowed onto the mirror system but aren't subject to the legal shield, because there's no way for the PMC to audit them. If the binaries are bit-for-bit reproducible and have been blessed by a dev@ vote they might be allowed to enter the legal shield, but AFAIK no project has actually asked for this yet.
