incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hen <bay...@apache.org>
Subject Re: Tying Dockerhub into development and release management
Date Fri, 08 Feb 2019 00:43:11 GMT
On Thu, Feb 7, 2019 at 1:49 PM Justin Mclean <justin@classsoftware.com>
wrote:

> Hi,
>
> > 2. The PPMC should not publish software outside of Apache controlled
> locations.
>
> I’m trying to find where the above has come from as I can find anything in
> the release or distribution policies. [1] says “It is appropriate to
> distribute official releases through downstream channels, but inappropriate
> to distribute unreleased materials through them.”, [4] say this is OK "In
> all such cases, the binary/bytecode package must have the same version
> number as the source release and may only add binary/bytecode files that
> are the result of compiling that version of the source code release.”
>
> So everything there  to me is saying it’s OK to distribute versions of
> release software on platforms like docker and I not sure where the "Apache
> controlled locations only” restriction has come from.
>

I'm trying to understand from the thread on legal-discuss on the subject.
Which frankly I think I'm failing to do.

I see these DockerHub accounts:

https://hub.docker.com/_/httpd   (HTTP Server from Docker?)
https://hub.docker.com/r/bitnami/apache/  (HTTP Server from Bitnami)
https://hub.docker.com/u/apache (various images from the ASF)

I assume that "https://hub.docker.com/u/apache" is an Apache controlled
location, so publishing Apache images from there is fine provided they obey
our policies (release policy, website policy etc).

On the other hand, Docker and Bitnami do not have to obey our release
policy for their publishing locations, just our license/trademark-policy.

Assuming the ASF control /apache, which I think believe do, Docker works.
Though "_/httpd" is confusing as to who that's coming from.

I get more confused in other areas (PyPI, npm) where we don't have a clear
namespace for acts of the foundation. Is
https://pypi.org/project/apache-beam/ an act of the PMC or an act of some
random folk who may or may not overlap with the PMC. It seems it's the
latter (ie: Pypi packages are not an act of the PMC and therefore don't
have to obey our release policy, just our license and trademark policy - I
think that's nuts btw).

Hen

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message