Hi, On Thu, Mar 19, 2009 at 2:15 PM, Sami Siren <[email protected]> wrote: > Jukka Zitting wrote: >> -1 The release contains the Java Advanced Imaging libraries >> (jai_core.jar and jai_codec.jar) which are licensed under Sun's Binary >> Code License. We can't redistribute those libraries. > > ok, we need to address that somehow.
See https://issues.apache.org/jira/browse/NUTCH-724 for some suggestions. >> * Why does the release package contain pre-built documentation and >> binaries? Downloading the 90MB package takes much longer than checking >> out and building the 40MB tag from svn. >> IMHO it would be a service to users to make the release contain just the >> svn export with instruction on how to build the rest. > > I see your point about the fat artifact but I am not totally convinced that > users (as in end users) would prefer the idea of fetching the development > tools and compiling the software before they use it, at least I am not doing > that with the software I use. Most end users are happy with just the binaries. But pure source releases are really useful for example for people that maintain custom modifications as patches against the official source releases (think of Linux distributions with system-specific changes, companies with proprietary extensions, etc.). I'm not sure if Nutch yet has such users. > I will discuss this with rest of the devs and see what we can do here. One > solution could be to split the release in two parts binary only and source That would be nice. Note that even the users who just want the binaries benefit from such a division as also their downloads will be faster. >> More notably: how am I to verify that the >> release came from the sources in our svn when it contains stuff that >> doesn't exist in the svn? > > May be that I don't understand what you're trying to say here but isn't that > always the case with binary releases (the difficulty to verify that the > binary is build from certain tag from svn)? Exactly. That's why it's so important to have a source-only release that preferably matches one-to-one to the contents of the respective svn tag. That should be the official release package that the PMC reviews and approves. There is no reasonable way to accurately review binaries, so while we may (and should) test that they work as expected, ultimately we just need to trust the release manager when he or she says that the binaries are the result of building the source release. Thus we should treat binaries as secondary release artifacts that the release manager is providing as a convenience for users. PS. I know there's a long tradition of doing releases the way you prepared Nutch 1.0, and I'm not claiming that it's necessarily the wrong way of doing things. My -1 was due to the JAI libraries, not due to the structure of the release. However, as described above, I personally much prefer the clear distinction between source releases and binaries. BR, Jukka Zitting
