Thanks, will check it out this week. On Wed, Sep 16, 2020, 14:11 Jarek Potiuk <[email protected]> wrote:
> My proposal > > https://cwiki.apache.org/confluence/display/COMDEV/Updates+of+policies+for+the+convenience+packages > have > gone through the first round of comments and updates. I invite more voices > to the discussion: > > https://lists.apache.org/thread.html/rcb608739206d788785081073a0deb417ffa9981634975fc5525dc769%40%3Cdev.community.apache.org%3E > > J. > > On Sun, Sep 13, 2020 at 3:46 PM Jarek Potiuk <[email protected]> > wrote: > > > Hello Everyone, > > > > As promised, I prepared a draft of the proposal of changes that I would > > love if a number of interested people discuss it, comment, criticise, > agree > > on eventually, and submit to the ASF Board for Approval. > > > > I tried to capture all the context, but also I marked clearly all the > > proposals that I think should be included in the ASF policies and clearly > > marked changes that should be applied. I also tried to write it in the > > "future-proof" way - I tried to make statements that do not refer to the > > Images or Helm Charts, but describe general practices of "packaged" > > software as opposed to "compiled" software that seems to be the origin of > > the current policies. So my approach was really to try to describe and > set > > policies around "software packaging" in general, rather than "Images/Helm > > Charts" in particular. However I believe it is much more to take the > > proposed policies and apply them directly to the Images and Helm Charts > > rather than the original policies. > > > > As promised I also commented (with inline comments), the places where I > > know there are some controversies - at least those that came up in our > > original discussions in Airflow - and I explained how I understand the > > controversies that are around that. > > > > I would really love to get a lot of comments and discussion around the > > proposal, before we submit the proposal - I am looking forward to your > > comments! > > > > The proposal is here: > > > https://cwiki.apache.org/confluence/display/COMDEV/Updates+of+policies+for+the+convenience+packages > > > > > > BTW. I really encourage everyone to use the "Inline comments" of CWiki > > rather than commenting at the bottom (select paragraph, wait have a > second > > and click the resulting "comment" bubble). This makes it so much easier > to > > organise a discussion around certain part of the document. > > > > J, > > > > > > On Thu, Sep 10, 2020 at 5:19 AM Daniel Imberman < > [email protected]> > > wrote: > > > >> Thank you Niclas, this will help us a lot in figuring out our helm > >> situation > >> > >> via Newton Mail > >> < > https://cloudmagic.com/k/d/mailapp?ct=dx&cv=10.0.50&pv=10.15.6&source=email_footer_2 > > > >> > >> On Wed, Sep 9, 2020 at 5:36 AM, Kaxil Naik <[email protected]> wrote: > >> > >> Credits to Jarek on that one, he is the one who is actually drafting the > >> proposal. > >> > >> On Wed, Sep 9, 2020, 13:31 Niclas Hedhman <[email protected]> wrote: > >> > >> > Corporate requirements are typically that they can build everything > from > >> > sources and have clear instructions (preferably scriptable) on how to > do > >> > that. > >> > > >> > Good to hear that ComDev is in the loop and you are together working > on > >> > draft proposals. It will be greatly appreciated. > >> > > >> > > >> > Niclas > >> > > >> > > >> > > >> > On Wed, Sep 9, 2020, 13:00 Jarek Potiuk <[email protected]> > >> wrote: > >> > > >> > > Added Niclas to my response :). Responding to devlist when someone > >> from > >> > > outside of it sends a message is tricky :) > >> > > > >> > > On Wed, Sep 9, 2020 at 12:35 PM Jarek Potiuk < > >> [email protected]> > >> > > wrote: > >> > > > >> > >> Hello Niclas, > >> > >> > >> > >> Thanks for that. > >> > >> > >> > >> I feel that this guidance already answers most of my questions. > >> > >> > >> > >> I volunteered to lead proposal discussion and preparation for the > ASF > >> > >> Board on this subject (and I am sure other PMCs from Airflow will > >> also > >> > be > >> > >> engaged a lot, so I hope we can work out some reasonable policies > on > >> > that. > >> > >> I hope to have the first draft proposal for discussion this week. I > >> also > >> > >> invited Apache Security team members who are already commenting on > >> that > >> > >> thread, as I think those policies should at least provide guidance > on > >> > all > >> > >> those topics: licensing, security, stability, and "rebuildability" > >> (for > >> > the > >> > >> lack of a better term). Those are IMHO super important if we want > to > >> > >> address the needs of corporate users especially (looking at the > >> > >> requirements of the corporates we are working with). > >> > >> > >> > >> J > >> > >> > >> > >> > >> > >> On Wed, Sep 9, 2020 at 8:38 AM Niclas Hedhman <[email protected]> > >> > wrote: > >> > >> > >> > >>> Hi everyone, > >> > >>> > >> > >>> The report submitted to the September Board meeting is requesting > >> > >>> guidance > >> > >>> on binary releases, such as Docker and Helm. I act as the board's > >> > >>> shepherd > >> > >>> of Airflow, and here to help if needed. > >> > >>> > >> > >>> First of all, Apache Software Foundation releases Open SOURCE > >> software, > >> > >>> and > >> > >>> the source release is always the primary one. There are many > reasons > >> > for > >> > >>> this, such as security (one can know for sure what it contains), > >> > >>> jurisprudence (trace origin,++) and usability on platforms that > the > >> > >>> community may not provide binaries for. > >> > >>> > >> > >>> Many communities provides additional binary releases, that has > been > >> > >>> called > >> > >>> "Convenience Binaries", but the term is under > >> review/reconsideration as > >> > >>> they are for some communities (say, OpenOffice) the primary > >> artifacts > >> > >>> for > >> > >>> the majority of users (OpenOffice users are typically not > >> developers). > >> > >>> The > >> > >>> exact policies around this are being reviewed and worked on at the > >> > >>> moment. > >> > >>> Things like credentials to DockerHub or npm are for instance of > >> > concern, > >> > >>> as > >> > >>> well as the long-term stability of some of these distribution > >> systems. > >> > >>> > >> > >>> That said; in general, as long as the binaries are buildable (with > >> > >>> instructions) and the product can be built and used without > >> reliance on > >> > >>> such external systems, then it is mostly OK and it is up to each > >> > >>> community > >> > >>> to decide if binaries are provided and how. If there are specific > >> > >>> questions > >> > >>> on release policy or special requests, then contact the > >> Infrastructure > >> > >>> team > >> > >>> and ask if it is Ok with them. If there are more general > >> > >>> thoughts/feedback/discussion items in this space, ComDev is the > >> place > >> > to > >> > >>> approach. > >> > >>> > >> > >>> I will also try to do my best to answer questions here... > >> > >>> > >> > >>> Niclas Hedhman > >> > >>> > >> > >> > >> > >> > >> > >> -- > >> > >> > >> > >> Jarek Potiuk > >> > >> Polidea <https://www.polidea.com/> | Principal Software Engineer > >> > >> > >> > >> M: +48 660 796 129 <+48660796129> > >> > >> [image: Polidea] <https://www.polidea.com/> > >> > >> > >> > >> > >> > > > >> > > -- > >> > > > >> > > Jarek Potiuk > >> > > Polidea <https://www.polidea.com/> | Principal Software Engineer > >> > > > >> > > M: +48 660 796 129 <+48660796129> > >> > > [image: Polidea] <https://www.polidea.com/> > >> > > > >> > > > >> > > >> > >> > > > > -- > > > > Jarek Potiuk > > Polidea <https://www.polidea.com/> | Principal Software Engineer > > > > M: +48 660 796 129 <+48660796129> > > [image: Polidea] <https://www.polidea.com/> > > > > > > -- > > Jarek Potiuk > Polidea <https://www.polidea.com/> | Principal Software Engineer > > M: +48 660 796 129 <+48660796129> > [image: Polidea] <https://www.polidea.com/> >
