incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <>
Subject Re: Renaming repos and security concerns
Date Fri, 08 Feb 2019 21:44:04 GMT

> On Feb 8, 2019, at 1:36 PM, Justin Mclean <> wrote:
> HI,
> In the thread on guidelines for distributions I suggested some common naming to help
with trademarks, branding and be in line with release policy.
> There's a possible security issue here, as people could (in theory) take over the old
name and put something malicious there if the old name was removed.
> Can rename GitHub
> Can’t rename docker
> Can’t rename on NPM
> Can’t rename but can deprecate and point to new one
> Can rename on PiPy
> Is possible but also supports deprecate. But best to use abandon feature and pick a replacement.
> I think we’re fine with:
> - GitHub is OK as it controlled by INFRA
> - Docker is OK as /u/apache is controlled by INFRA. Outside that space is a concern.
> - NPM you can deprecate one and point to new one so no one can take the old package
> - PiPy you can use abandon and point to a replacement so none can take the old package
> Any other concerns?

We need to make sure that pre-Apache releases whether source or binary are treated in a fair

An über-comment - let’s be exceedingly careful with time limits for “compliance”.

I think it would be good to finalize proposed policies from master copies on the wiki.


> Thanks,
> Justin
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message