incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Busbey <>
Subject Re: [DISCUSS] Communicating intent around non-release, downstream integration binary artifacts
Date Wed, 24 Jun 2015 03:06:09 GMT
On Tue, Jun 23, 2015 at 5:20 PM, Ross Gardler (MS OPEN TECH) <> wrote:

> There is nothing preventing "clearly identifiable non-release artifacts
> available to the general public". Many projects make automated nightly
> builds available for example.
The release policy expressly says that nightly builds must not be made
available to general public.

It's my understanding that the reason the foundation can provide
indemnification (to both commiters/PMC and downstream) is the fact that
PMCs vote on releases under their delegated authority from the board.

If the boundary for public use moves from "voted on by a PMC" to "voted on
by a PMC or labeled as non-release" what are the ramifications?

While I agree that this is a general issue that should be discussed, an
example might help. This discussion started because the Geode PMC is
publishing a docker artifact from their nightly builds and then pointing
the general public to make use of that image. They have no released
artifacts, so any downstream user necessarily will be using those
non-vetted artifacts.

Downstream developers and users *will* take the path of lease resistance.
If that PMC wanted to continue relying on a binary docker image for
community outreach indefinitely, would that be okay? If they wanted to rely
on it and only have PMC blessed releases quarterly?


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message