My proposal https://cwiki.apache.org/confluence/display/COMDEV/Updates+of+policies+for+the+convenience+packages have gone through the first round of comments and updates. I invite more voices to the discussion: https://lists.apache.org/thread.html/rcb608739206d788785081073a0deb417ffa9981634975fc5525dc769%40%3Cdev.community.apache.org%3E
J. On Sun, Sep 13, 2020 at 3:46 PM Jarek Potiuk <[email protected]> wrote: > Hello Everyone, > > As promised, I prepared a draft of the proposal of changes that I would > love if a number of interested people discuss it, comment, criticise, agree > on eventually, and submit to the ASF Board for Approval. > > I tried to capture all the context, but also I marked clearly all the > proposals that I think should be included in the ASF policies and clearly > marked changes that should be applied. I also tried to write it in the > "future-proof" way - I tried to make statements that do not refer to the > Images or Helm Charts, but describe general practices of "packaged" > software as opposed to "compiled" software that seems to be the origin of > the current policies. So my approach was really to try to describe and set > policies around "software packaging" in general, rather than "Images/Helm > Charts" in particular. However I believe it is much more to take the > proposed policies and apply them directly to the Images and Helm Charts > rather than the original policies. > > As promised I also commented (with inline comments), the places where I > know there are some controversies - at least those that came up in our > original discussions in Airflow - and I explained how I understand the > controversies that are around that. > > I would really love to get a lot of comments and discussion around the > proposal, before we submit the proposal - I am looking forward to your > comments! > > The proposal is here: > https://cwiki.apache.org/confluence/display/COMDEV/Updates+of+policies+for+the+convenience+packages > > > BTW. I really encourage everyone to use the "Inline comments" of CWiki > rather than commenting at the bottom (select paragraph, wait have a second > and click the resulting "comment" bubble). This makes it so much easier to > organise a discussion around certain part of the document. > > J, > > > On Thu, Sep 10, 2020 at 5:19 AM Daniel Imberman <[email protected]> > wrote: > >> Thank you Niclas, this will help us a lot in figuring out our helm >> situation >> >> via Newton Mail >> <https://cloudmagic.com/k/d/mailapp?ct=dx&cv=10.0.50&pv=10.15.6&source=email_footer_2> >> >> On Wed, Sep 9, 2020 at 5:36 AM, Kaxil Naik <[email protected]> wrote: >> >> Credits to Jarek on that one, he is the one who is actually drafting the >> proposal. >> >> On Wed, Sep 9, 2020, 13:31 Niclas Hedhman <[email protected]> wrote: >> >> > Corporate requirements are typically that they can build everything from >> > sources and have clear instructions (preferably scriptable) on how to do >> > that. >> > >> > Good to hear that ComDev is in the loop and you are together working on >> > draft proposals. It will be greatly appreciated. >> > >> > >> > Niclas >> > >> > >> > >> > On Wed, Sep 9, 2020, 13:00 Jarek Potiuk <[email protected]> >> wrote: >> > >> > > Added Niclas to my response :). Responding to devlist when someone >> from >> > > outside of it sends a message is tricky :) >> > > >> > > On Wed, Sep 9, 2020 at 12:35 PM Jarek Potiuk < >> [email protected]> >> > > wrote: >> > > >> > >> Hello Niclas, >> > >> >> > >> Thanks for that. >> > >> >> > >> I feel that this guidance already answers most of my questions. >> > >> >> > >> I volunteered to lead proposal discussion and preparation for the ASF >> > >> Board on this subject (and I am sure other PMCs from Airflow will >> also >> > be >> > >> engaged a lot, so I hope we can work out some reasonable policies on >> > that. >> > >> I hope to have the first draft proposal for discussion this week. I >> also >> > >> invited Apache Security team members who are already commenting on >> that >> > >> thread, as I think those policies should at least provide guidance on >> > all >> > >> those topics: licensing, security, stability, and "rebuildability" >> (for >> > the >> > >> lack of a better term). Those are IMHO super important if we want to >> > >> address the needs of corporate users especially (looking at the >> > >> requirements of the corporates we are working with). >> > >> >> > >> J >> > >> >> > >> >> > >> On Wed, Sep 9, 2020 at 8:38 AM Niclas Hedhman <[email protected]> >> > wrote: >> > >> >> > >>> Hi everyone, >> > >>> >> > >>> The report submitted to the September Board meeting is requesting >> > >>> guidance >> > >>> on binary releases, such as Docker and Helm. I act as the board's >> > >>> shepherd >> > >>> of Airflow, and here to help if needed. >> > >>> >> > >>> First of all, Apache Software Foundation releases Open SOURCE >> software, >> > >>> and >> > >>> the source release is always the primary one. There are many reasons >> > for >> > >>> this, such as security (one can know for sure what it contains), >> > >>> jurisprudence (trace origin,++) and usability on platforms that the >> > >>> community may not provide binaries for. >> > >>> >> > >>> Many communities provides additional binary releases, that has been >> > >>> called >> > >>> "Convenience Binaries", but the term is under >> review/reconsideration as >> > >>> they are for some communities (say, OpenOffice) the primary >> artifacts >> > >>> for >> > >>> the majority of users (OpenOffice users are typically not >> developers). >> > >>> The >> > >>> exact policies around this are being reviewed and worked on at the >> > >>> moment. >> > >>> Things like credentials to DockerHub or npm are for instance of >> > concern, >> > >>> as >> > >>> well as the long-term stability of some of these distribution >> systems. >> > >>> >> > >>> That said; in general, as long as the binaries are buildable (with >> > >>> instructions) and the product can be built and used without >> reliance on >> > >>> such external systems, then it is mostly OK and it is up to each >> > >>> community >> > >>> to decide if binaries are provided and how. If there are specific >> > >>> questions >> > >>> on release policy or special requests, then contact the >> Infrastructure >> > >>> team >> > >>> and ask if it is Ok with them. If there are more general >> > >>> thoughts/feedback/discussion items in this space, ComDev is the >> place >> > to >> > >>> approach. >> > >>> >> > >>> I will also try to do my best to answer questions here... >> > >>> >> > >>> Niclas Hedhman >> > >>> >> > >> >> > >> >> > >> -- >> > >> >> > >> Jarek Potiuk >> > >> Polidea <https://www.polidea.com/> | Principal Software Engineer >> > >> >> > >> M: +48 660 796 129 <+48660796129> >> > >> [image: Polidea] <https://www.polidea.com/> >> > >> >> > >> >> > > >> > > -- >> > > >> > > Jarek Potiuk >> > > Polidea <https://www.polidea.com/> | Principal Software Engineer >> > > >> > > M: +48 660 796 129 <+48660796129> >> > > [image: Polidea] <https://www.polidea.com/> >> > > >> > > >> > >> >> > > -- > > Jarek Potiuk > Polidea <https://www.polidea.com/> | Principal Software Engineer > > M: +48 660 796 129 <+48660796129> > [image: Polidea] <https://www.polidea.com/> > > -- Jarek Potiuk Polidea <https://www.polidea.com/> | Principal Software Engineer M: +48 660 796 129 <+48660796129> [image: Polidea] <https://www.polidea.com/>
