commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <>
Subject Re: Commons release policy
Date Sat, 03 Dec 2016 18:14:33 GMT
On Dec 3, 2016 9:34 AM, "Charles Honton" <> wrote:
> To follow up the thread on releasing parent 42 and exactly what needs to
signed, etc.  I’ve researched asf release policy.  Here’s the gist:
> 1. Every ASF release must contain a source package, which must be
sufficient for a user to build and test the release provided they have
access to the appropriate platform and tools. <>
> 2. A release isn't 'released' until the contents are in the project's
distribution directory, which is a subdirectory of <>.
> 3. Every artifact distributed to the public through Apache channels MUST
be accompanied by one file containing an OpenPGP compatible ASCII armored
detached signature and another file containing an MD5 checksum. <>
> What do we consider the source package for our releases?
> Are the xxx-sources.jar,  xxx-test-sources.jar, and pom sufficient to
build and test the release?

Nope. A sources jar is a convenience for IDEs, it usually does not contain
build scripts and such. I am AFK so I am hoping someone can provide an

> Is the zip/gz just a convenience and is it still useful/required?

That should contain almost everything that is in the repo except for things
like old files like proposal.html.

> Or is it the reverse, the zip/gz is the release and the jars are the
convenience distributions?

Yep. The release are the zip/gz sources. All binaries are conveniences.
Granted that without a Maven Central jar release, a component is not easy
to reuse.


> regards,
> chas

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message