incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave <>
Subject Re: Tying Dockerhub into development and release management
Date Tue, 05 Feb 2019 13:47:57 GMT
I totally agree with you that Docker images should be built from official
source releases, unless they are clearly marked as unofficial SNAPSHOT
releases and intended for testing. I'm just repeating what I've heard over
and over again from various ASF members that the only official release is
the source release; I'd don't agree with that point of view.

I'm curious what "built from the official source releases". Does that mean
that you must create Docker images by downloading the official source
release, verifying it's hash and then building image?  Or, are you allowed
to build your Docker images from the same SCM tag as was used to create the
source release?


On Tue, Feb 5, 2019 at 5:23 AM Justin Mclean <>

> Hi,
> > My understanding is that only source-code releases are official releases.
> > Binaries are just a convenience and not official, so I don't think you
> have
> > to worry about making images available via DockerHub, even if that is the
> > primary way most people install.
> -1 the PMC  can’t release unapproved code to the general public, this
> mandated by ASF release policy and has been previous discussed here [1].
> "It is appropriate to distribute official releases through downstream
> channels, but inappropriate to distribute unreleased materials through
> them.”
> Docker images MUST be built from our official source releases.
> Put it this way if a PPMC could just publish what they wanted  to docker
> at any time why bother with official release at all.
> Thanks,
> Justin
> 1.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message