incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: Renaming repos and security concerns
Date Fri, 08 Feb 2019 21:44:04 GMT


> On Feb 8, 2019, at 1:36 PM, Justin Mclean <justin@classsoftware.com> wrote:
> 
> HI,
> 
> In the thread on guidelines for distributions I suggested some common naming to help
with trademarks, branding and be in line with release policy.
> 
> There's a possible security issue here, as people could (in theory) take over the old
name and put something malicious there if the old name was removed.
> 
> Can rename GitHub
> https://help.github.com/articles/renaming-a-repository/
> 
> Can’t rename docker
> https://success.docker.com/article/how-do-you-rename-a-docker-hub-repository
> 
> Can’t rename on NPM
> Can’t rename but can deprecate and point to new one
> 
> Can rename on PiPy
> Is possible but also supports deprecate. But best to use abandon feature and pick a replacement.
> 
> I think we’re fine with:
> - GitHub is OK as it controlled by INFRA
> - Docker is OK as /u/apache is controlled by INFRA. Outside that space is a concern.
> - NPM you can deprecate one and point to new one so no one can take the old package
> - PiPy you can use abandon and point to a replacement so none can take the old package
> 
> Any other concerns?

We need to make sure that pre-Apache releases whether source or binary are treated in a fair
way.

An über-comment - let’s be exceedingly careful with time limits for “compliance”.

I think it would be good to finalize proposed policies from master copies on the wiki.

Regards,
Dave


> 
> Thanks,
> Justin
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message