> On Feb 7, 2019, at 6:47 PM, Justin Mclean <jus...@classsoftware.com> wrote:
>
> Hi,
>
>> Infra does not police what projects deploy on their dockerhub repos. Do we
>> need to?
>
> Well from a casual glance I can see several projects that seem to be putting
> releases constructed from unapproved source code up there. I’ve not looked in
> detail so may be mistaken. I guess sit depends if that concerns you or not.
I hear you loud and clear. It’s not a question of if it concerns “me” i.e.
Infra, but more if it concerns Legal. Based on
www.apache.org/legal/release-policy.html it seems like Infra may need to clamp
down on what’s going on with the dockerhub repos and builds. As I alluded to
before, we’ve generally left this to the good will of the project. If it’s
being abused and the project is “releasing” artifacts via dockerhub that have
not been vetted through the ASF release policy, then we do need to take action.
Thanks for bringing this to our attention. Could you please send a list of any
“offenders” that you’ve found to private@infra?
Thanks,
-Chris
ASF Infra
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org