> Gesendet: Freitag, 08. Februar 2019 um 04:58 Uhr
> Von: "Dave Fisher" <dave2w...@comcast.net>
> An: general@incubator.apache.org
> Betreff: Re: Tying Dockerhub into development and release management
[...]
> > On Feb 7, 2019, at 7:51 PM, Chris Lambertus <c...@apache.org> wrote:
[...]
> >> On Feb 7, 2019, at 6:47 PM, Justin Mclean <jus...@classsoftware.com> wrote:
> >>
> >> Hi,
> >>
> >>> Infra does not police what projects deploy on their dockerhub repos. Do
> >>> we need to?
> >>
> >> Well from a casual glance I can see several projects that seem to be
> >> putting releases constructed from unapproved source code up there. I’ve
> >> not looked in detail so may be mistaken. I guess sit depends if that
> >> concerns you or not.
> >
> > I hear you loud and clear. It’s not a question of if it concerns “me” i.e.
> > Infra, but more if it concerns Legal. Based on
> > www.apache.org/legal/release-policy.html it seems like Infra may need to
> > clamp down on what’s going on with the dockerhub repos and builds. As I
> > alluded to before, we’ve generally left this to the good will of the
> > project. If it’s being abused and the project is “releasing” artifacts via
> > dockerhub that have not been vetted through the ASF release policy, then we
> > do need to take action. Thanks for bringing this to our attention. Could
> > you please send a list of any “offenders” that you’ve found to
> > private@infra?
Question: "releasing artifacts that have not been vetted through the ASF
release policy" does also include Docker images based on official releases? (I
know the thread also talked about nightlies and such, that is why it is not
100% clear to me here)
bye Jochen
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
