Hi Sebb, On Sat, Feb 22, 2014 at 2:19 AM, sebb <seb...@gmail.com> wrote:
> I've had a quick look at the (sole) archive, and it contains both > source and compiled jars. > Although it is OK to release convenience binaries, there must be a > source only release, as that is the ASF mission - to release open > source. > The "what must every release contain" doc says: Every ASF release *must* contain a source package, which must be sufficient for a user to build and test the release provided they have access to the appropriate platform and tools. The source package must be cryptographically signed <http://www.apache.org/dev/release-signing.html> by the Release Manager with a detached signature; and that package together with its signature must be tested prior to voting +1 for release. We can mentor the podling to produce a separate source only tarball, but this might be a point of confusion, because the candidate tarball here conforms to the above language, I have personally built and tested this release from the properly signed tarball. It is a source tarball also containing compiled binaries. -- Best regards, - Andy Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
