incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <>
Subject Re: Tying Dockerhub into development and release management
Date Fri, 08 Feb 2019 03:58:44 GMT

Sent from my iPhone

> On Feb 7, 2019, at 7:51 PM, Chris Lambertus <> wrote:
>> On Feb 7, 2019, at 6:47 PM, Justin Mclean <> wrote:
>> Hi,
>>> Infra does not police what projects deploy on their dockerhub repos. Do we need
>> Well from a casual glance I can see several projects that seem to be putting releases
constructed from unapproved source code up there. I’ve not looked in detail so may be mistaken.
I guess sit depends if that concerns you or not.
> I hear you loud and clear. It’s not a question of if it concerns “me” i.e. Infra,
but more if it concerns Legal. Based on it seems
like Infra may need to clamp down on what’s going on with the dockerhub repos and builds.
As I alluded to before, we’ve generally left this to the good will of the project. If it’s
being abused and the project is “releasing” artifacts via dockerhub that have not been
vetted through the ASF release policy, then we do need to take action. Thanks for bringing
this to our attention. Could you please send a list of any “offenders” that you’ve found
to private@infra?

Does DockerHub provide a way to limit some containers from public view? If so then such unapproved
artifacts should be hidden first. A general announcement could then be made.


> Thanks,
> -Chris
> ASF Infra
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message