commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Charles Honton <>
Subject Commons release policy
Date Sat, 03 Dec 2016 17:34:13 GMT
To follow up the thread on releasing parent 42 and exactly what needs to signed, etc.  I’ve
researched asf release policy.  Here’s the gist:

1. Every ASF release must contain a source package, which must be sufficient for a user
to build and test the release provided they have access to the appropriate platform and tools.

2. A release isn't 'released' until the contents are in the project's distribution directory,
which is a subdirectory of <>.

3. Every artifact distributed to the public through Apache channels MUST be accompanied by
one file containing an OpenPGP compatible ASCII armored detached signature and another file
containing an MD5 checksum. <>

What do we consider the source package for our releases?  
Are the xxx-sources.jar,  xxx-test-sources.jar, and pom sufficient to build and test the release?
Is the zip/gz just a convenience and is it still useful/required?  
Or is it the reverse, the zip/gz is the release and the jars are the convenience distributions?

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message