Hello Everyone, As promised, I prepared a draft of the proposal of changes that I would love if a number of interested people discuss it, comment, criticise, agree on eventually, and submit to the ASF Board for Approval.
I tried to capture all the context, but also I marked clearly all the proposals that I think should be included in the ASF policies and clearly marked changes that should be applied. I also tried to write it in the "future-proof" way - I tried to make statements that do not refer to the Images or Helm Charts, but describe general practices of "packaged" software as opposed to "compiled" software that seems to be the origin of the current policies. So my approach was really to try to describe and set policies around "software packaging" in general, rather than "Images/Helm Charts" in particular. However I believe it is much more to take the proposed policies and apply them directly to the Images and Helm Charts rather than the original policies. As promised I also commented (with inline comments), the places where I know there are some controversies - at least those that came up in our original discussions in Airflow - and I explained how I understand the controversies that are around that. I would really love to get a lot of comments and discussion around the proposal, before we submit the proposal - I am looking forward to your comments! The proposal is here: https://cwiki.apache.org/confluence/display/COMDEV/Updates+of+policies+for+the+convenience+packages BTW. I really encourage everyone to use the "Inline comments" of CWiki rather than commenting at the bottom (select paragraph, wait have a second and click the resulting "comment" bubble). This makes it so much easier to organise a discussion around certain part of the document. J, On Thu, Sep 10, 2020 at 5:19 AM Daniel Imberman <daniel.imber...@gmail.com> wrote: > Thank you Niclas, this will help us a lot in figuring out our helm > situation > > via Newton Mail > <https://cloudmagic.com/k/d/mailapp?ct=dx&cv=10.0.50&pv=10.15.6&source=email_footer_2> > > On Wed, Sep 9, 2020 at 5:36 AM, Kaxil Naik <kaxiln...@gmail.com> wrote: > > Credits to Jarek on that one, he is the one who is actually drafting the > proposal. > > On Wed, Sep 9, 2020, 13:31 Niclas Hedhman <nic...@apache.org> wrote: > > > Corporate requirements are typically that they can build everything from > > sources and have clear instructions (preferably scriptable) on how to do > > that. > > > > Good to hear that ComDev is in the loop and you are together working on > > draft proposals. It will be greatly appreciated. > > > > > > Niclas > > > > > > > > On Wed, Sep 9, 2020, 13:00 Jarek Potiuk <jarek.pot...@polidea.com> > wrote: > > > > > Added Niclas to my response :). Responding to devlist when someone from > > > outside of it sends a message is tricky :) > > > > > > On Wed, Sep 9, 2020 at 12:35 PM Jarek Potiuk <jarek.pot...@polidea.com > > > > > wrote: > > > > > >> Hello Niclas, > > >> > > >> Thanks for that. > > >> > > >> I feel that this guidance already answers most of my questions. > > >> > > >> I volunteered to lead proposal discussion and preparation for the ASF > > >> Board on this subject (and I am sure other PMCs from Airflow will also > > be > > >> engaged a lot, so I hope we can work out some reasonable policies on > > that. > > >> I hope to have the first draft proposal for discussion this week. I > also > > >> invited Apache Security team members who are already commenting on > that > > >> thread, as I think those policies should at least provide guidance on > > all > > >> those topics: licensing, security, stability, and "rebuildability" > (for > > the > > >> lack of a better term). Those are IMHO super important if we want to > > >> address the needs of corporate users especially (looking at the > > >> requirements of the corporates we are working with). > > >> > > >> J > > >> > > >> > > >> On Wed, Sep 9, 2020 at 8:38 AM Niclas Hedhman <nic...@apache.org> > > wrote: > > >> > > >>> Hi everyone, > > >>> > > >>> The report submitted to the September Board meeting is requesting > > >>> guidance > > >>> on binary releases, such as Docker and Helm. I act as the board's > > >>> shepherd > > >>> of Airflow, and here to help if needed. > > >>> > > >>> First of all, Apache Software Foundation releases Open SOURCE > software, > > >>> and > > >>> the source release is always the primary one. There are many reasons > > for > > >>> this, such as security (one can know for sure what it contains), > > >>> jurisprudence (trace origin,++) and usability on platforms that the > > >>> community may not provide binaries for. > > >>> > > >>> Many communities provides additional binary releases, that has been > > >>> called > > >>> "Convenience Binaries", but the term is under review/reconsideration > as > > >>> they are for some communities (say, OpenOffice) the primary artifacts > > >>> for > > >>> the majority of users (OpenOffice users are typically not > developers). > > >>> The > > >>> exact policies around this are being reviewed and worked on at the > > >>> moment. > > >>> Things like credentials to DockerHub or npm are for instance of > > concern, > > >>> as > > >>> well as the long-term stability of some of these distribution > systems. > > >>> > > >>> That said; in general, as long as the binaries are buildable (with > > >>> instructions) and the product can be built and used without reliance > on > > >>> such external systems, then it is mostly OK and it is up to each > > >>> community > > >>> to decide if binaries are provided and how. If there are specific > > >>> questions > > >>> on release policy or special requests, then contact the > Infrastructure > > >>> team > > >>> and ask if it is Ok with them. If there are more general > > >>> thoughts/feedback/discussion items in this space, ComDev is the place > > to > > >>> approach. > > >>> > > >>> I will also try to do my best to answer questions here... > > >>> > > >>> Niclas Hedhman > > >>> > > >> > > >> > > >> -- > > >> > > >> Jarek Potiuk > > >> Polidea <https://www.polidea.com/> | Principal Software Engineer > > >> > > >> M: +48 660 796 129 <+48660796129> > > >> [image: Polidea] <https://www.polidea.com/> > > >> > > >> > > > > > > -- > > > > > > Jarek Potiuk > > > Polidea <https://www.polidea.com/> | Principal Software Engineer > > > > > > M: +48 660 796 129 <+48660796129> > > > [image: Polidea] <https://www.polidea.com/> > > > > > > > > > > -- Jarek Potiuk Polidea <https://www.polidea.com/> | Principal Software Engineer M: +48 660 796 129 <+48660796129> [image: Polidea] <https://www.polidea.com/>
