incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hen <>
Subject Re: Tying Dockerhub into development and release management
Date Fri, 08 Feb 2019 00:55:11 GMT
On Thu, Feb 7, 2019 at 4:43 PM Hen <> wrote:

> On Thu, Feb 7, 2019 at 1:49 PM Justin Mclean <>
> wrote:
>> Hi,
>> > 2. The PPMC should not publish software outside of Apache controlled
>> locations.
>> I’m trying to find where the above has come from as I can find anything
>> in the release or distribution policies. [1] says “It is appropriate to
>> distribute official releases through downstream channels, but inappropriate
>> to distribute unreleased materials through them.”, [4] say this is OK "In
>> all such cases, the binary/bytecode package must have the same version
>> number as the source release and may only add binary/bytecode files that
>> are the result of compiling that version of the source code release.”
>> So everything there  to me is saying it’s OK to distribute versions of
>> release software on platforms like docker and I not sure where the "Apache
>> controlled locations only” restriction has come from.
> I'm trying to understand from the thread on legal-discuss on the subject.
> Which frankly I think I'm failing to do.
> I see these DockerHub accounts:
>   (HTTP Server from Docker?)
>  (HTTP Server from Bitnami)
> (various images from the ASF)
> I assume that "" is an Apache controlled
> location, so publishing Apache images from there is fine provided they obey
> our policies (release policy, website policy etc).
> On the other hand, Docker and Bitnami do not have to obey our release
> policy for their publishing locations, just our license/trademark-policy.
> Assuming the ASF control /apache, which I think believe do, Docker works.
> Though "_/httpd" is confusing as to who that's coming from.
> I get more confused in other areas (PyPI, npm) where we don't have a clear
> namespace for acts of the foundation. Is
> an act of the PMC or an act of some
> random folk who may or may not overlap with the PMC. It seems it's the
> latter (ie: Pypi packages are not an act of the PMC and therefore don't
> have to obey our release policy, just our license and trademark policy - I
> think that's nuts btw).
Tried to re-read the thread on legal-discuss and I'm more confused now than
before (though I did note that /u/apache is Apache controlled by Infra).

Ignore me on this thread. I'll take my ignorance off to a special corner
and let it beat me up a bit more.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message