Sent from my iPhone
> On Feb 7, 2019, at 7:51 PM, Chris Lambertus <c...@apache.org> wrote:
>
>
>
>> On Feb 7, 2019, at 6:47 PM, Justin Mclean <jus...@classsoftware.com> wrote:
>>
>> Hi,
>>
>>> Infra does not police what projects deploy on their dockerhub repos. Do we
>>> need to?
>>
>> Well from a casual glance I can see several projects that seem to be putting
>> releases constructed from unapproved source code up there. I’ve not looked
>> in detail so may be mistaken. I guess sit depends if that concerns you or
>> not.
>
> I hear you loud and clear. It’s not a question of if it concerns “me” i.e.
> Infra, but more if it concerns Legal. Based on
> www.apache.org/legal/release-policy.html it seems like Infra may need to
> clamp down on what’s going on with the dockerhub repos and builds. As I
> alluded to before, we’ve generally left this to the good will of the project.
> If it’s being abused and the project is “releasing” artifacts via dockerhub
> that have not been vetted through the ASF release policy, then we do need to
> take action. Thanks for bringing this to our attention. Could you please send
> a list of any “offenders” that you’ve found to private@infra?
Does DockerHub provide a way to limit some containers from public view? If so
then such unapproved artifacts should be hidden first. A general announcement
could then be made.
Regards,
Dave
>
> Thanks,
>
>
> -Chris
> ASF Infra
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
> For additional commands, e-mail: general-h...@incubator.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
