On May 12, 2009, at 12:40 AM, Bertrand Delacretaz wrote:
On Mon, May 11, 2009 at 10:29 PM, Roy T. Fielding
<[email protected]> wrote:
On May 11, 2009, at 12:03 PM, Felix Meschberger wrote:
Carsten and I have been reasoning about the releases in the future,
mainly the ones for end-users who just want to grab a binary and
fire it
off....
Apache only releases source code packages. Those other things you
build
are not releases -- they are binaries that individuals build and
upload.
How about naming those things "binary packages" instead of "releases"?
A rose is still a rose ...
We can still use the same process for releasing them, and include a
disclaimer that they're not official releases and provided without
warranty etc..
I don't see how we can "use the same process for releasing them" when
part of that process requires comparison of the source code with what
is in subversion. An ASF release is a group decision based on peer
review, and I don't think anyone giving +1s on the binaries are
actually doing JVM decompiles and source-level comparisons to verify
the contents don't include some extra trojan horse. Running the tests
is not sufficient.
That's why the ASF does not vote on binaries. I'd rather not make it
look like we are.
....Roy
