incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: [DISCUSS] Communicating intent around non-release, downstream integration binary artifacts
Date Wed, 24 Jun 2015 19:22:47 GMT
Le 24/06/15 09:19, Rob Vesse a écrit :
> Personally I think the policy should be clarified such that nightly
> builds MUST only live on ASF infrastructure 

Non sense. Nightly built can stay wherever is suitable. It's not The ASF
business anyway, The ASF does not endorse nighly build or non-release

> (whether that be the Nexus SNAPSHOTs repo, committer web space etc).
> As soon as you start putting them on external services like DockerHub
> then they are potentially widely visible to the general public.
Not a problem, as soon as you don't advertize them. People are grown up
adults that know what to do with such builds, would they found them
somwhere which is not advertized as an Apache official release.

> Going back to the example of libraries published as Maven artifacts
> for those projects already publishing SNAPSHOTs these only get
> published to the Apache Nexus server ( and are
> not synced to Maven central.
So ? SNAPSHOTs are visible, anyone can download them, and they are not
endorsed by apache. They are just stored there because it's convenient,
not because it's official or whatever makes an ASF release.

Pushing your reasoning to its limit would force any Apache project to
push non-release packages to a protected area, for committers only. Not
even close to what's going to happen, any time soon, I hope.

> People who want to consume those artifacts have to explicitly
> configure their Maven setup to enable Apache SNAPSHOTs. For me this is
> a sufficient barrier to distinguish between "developers" and "users".

Users download official releases from the Apache web site, and The ASF
is only responsible for what is inside those released packages. It's
enough to avoid pretending that a non-release package or a SNAPSHOT is
*not* a release to protect The ASF *and* its users, which is the only
important thing so far.

> FWIW if someone has made the effort to join the mailing list and
> report a bug which we then want to ask them to test a fix for then
> they are clearly in the developer category (or more accurately they
> are a contributor) and I would have no problem to pointing them to the
> nightly builds so they could do this. However putting stuff out there
> on an external hosting service that is widely accessible seems to go
> against the spirit (and likely the letter) of the policy Rob 

This is just against *your* perception of what is the spirit. Pushing
some SNAPSHOT or non-release package somwhere convenient for people to
check that it's correct is just part of the dev process, as far as we
don't claim it's a release and we don't push people to use it as
official releases. Adding another layer by asking those packages to be
pushed on a ASF infrastructure is just making things harder for the
developpers. We don't need that, The ASF does not require that.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message