On Thu, Feb 7, 2019 at 4:43 PM Hen <bay...@apache.org> wrote: > > > On Thu, Feb 7, 2019 at 1:49 PM Justin Mclean <jus...@classsoftware.com> > wrote: > >> Hi, >> >> > 2. The PPMC should not publish software outside of Apache controlled >> locations. >> >> I’m trying to find where the above has come from as I can find anything >> in the release or distribution policies. [1] says “It is appropriate to >> distribute official releases through downstream channels, but inappropriate >> to distribute unreleased materials through them.”, [4] say this is OK "In >> all such cases, the binary/bytecode package must have the same version >> number as the source release and may only add binary/bytecode files that >> are the result of compiling that version of the source code release.” >> >> So everything there to me is saying it’s OK to distribute versions of >> release software on platforms like docker and I not sure where the "Apache >> controlled locations only” restriction has come from. >> > > I'm trying to understand from the thread on legal-discuss on the subject. > Which frankly I think I'm failing to do. > > I see these DockerHub accounts: > > https://hub.docker.com/_/httpd (HTTP Server from Docker?) > https://hub.docker.com/r/bitnami/apache/ (HTTP Server from Bitnami) > https://hub.docker.com/u/apache (various images from the ASF) > > I assume that "https://hub.docker.com/u/apache" is an Apache controlled > location, so publishing Apache images from there is fine provided they obey > our policies (release policy, website policy etc). > > On the other hand, Docker and Bitnami do not have to obey our release > policy for their publishing locations, just our license/trademark-policy. > > Assuming the ASF control /apache, which I think believe do, Docker works. > Though "_/httpd" is confusing as to who that's coming from. > > I get more confused in other areas (PyPI, npm) where we don't have a clear > namespace for acts of the foundation. Is > https://pypi.org/project/apache-beam/ an act of the PMC or an act of some > random folk who may or may not overlap with the PMC. It seems it's the > latter (ie: Pypi packages are not an act of the PMC and therefore don't > have to obey our release policy, just our license and trademark policy - I > think that's nuts btw). > > Tried to re-read the thread on legal-discuss and I'm more confused now than before (though I did note that /u/apache is Apache controlled by Infra).
Ignore me on this thread. I'll take my ignorance off to a special corner and let it beat me up a bit more. Hen