incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Mclean <jus...@classsoftware.com>
Subject Renaming repos and security concerns
Date Fri, 08 Feb 2019 21:36:59 GMT
HI,

In the thread on guidelines for distributions I suggested some common naming to help with
trademarks, branding and be in line with release policy.

There's a possible security issue here, as people could (in theory) take over the old name
and put something malicious there if the old name was removed.

Can rename GitHub
https://help.github.com/articles/renaming-a-repository/

Can’t rename docker
https://success.docker.com/article/how-do-you-rename-a-docker-hub-repository

Can’t rename on NPM
Can’t rename but can deprecate and point to new one

Can rename on PiPy
Is possible but also supports deprecate. But best to use abandon feature and pick a replacement.

 I think we’re fine with:
- GitHub is OK as it controlled by INFRA
- Docker is OK as /u/apache is controlled by INFRA. Outside that space is a concern.
- NPM you can deprecate one and point to new one so no one can take the old package
- PiPy you can use abandon and point to a replacement so none can take the old package

Any other concerns?

Thanks,
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message