incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Lambertus <>
Subject Re: Tying Dockerhub into development and release management
Date Fri, 08 Feb 2019 03:51:34 GMT

> On Feb 7, 2019, at 6:47 PM, Justin Mclean <> wrote:
> Hi,
>> Infra does not police what projects deploy on their dockerhub repos. Do we need to?
> Well from a casual glance I can see several projects that seem to be putting releases
constructed from unapproved source code up there. I’ve not looked in detail so may be mistaken.
I guess sit depends if that concerns you or not.

I hear you loud and clear. It’s not a question of if it concerns “me” i.e. Infra, but
more if it concerns Legal. Based on it seems like
Infra may need to clamp down on what’s going on with the dockerhub repos and builds. As
I alluded to before, we’ve generally left this to the good will of the project. If it’s
being abused and the project is “releasing” artifacts via dockerhub that have not been
vetted through the ASF release policy, then we do need to take action. Thanks for bringing
this to our attention. Could you please send a list of any “offenders” that you’ve found
to private@infra?


ASF Infra

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message