www-builds mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Allen Wittenauer ...@effectivemachines.com.INVALID>
Subject Re: Controlling the images used for the builds/releases
Date Tue, 23 Jun 2020 01:07:34 GMT

> On Jun 22, 2020, at 6:52 AM, Jarek Potiuk <Jarek.Potiuk@polidea.com> wrote:
> 1) Is this acceptable to have a non-officially released image as a
> dependency in released code for the ASF project?

My understanding the bigger problem is the license of the dependency (and their dependencies)
rather than the official/unofficial status.  For Apache Yetus' test-patch functionality, we
defaulted all of our plugins to off because we couldn't depend upon GPL'd binaries being available
or giving the impression that they were required.  By doing so, it put the onus on the user
to specifically enable features that depends upon GPL'd functionality.  It also pretty much
nukes any idea of being user friendly. :(

> 2) If it's not - how do we determine which images are "officially
> maintained".

	Keep in mind that Docker themselves brand their images as 'official' when they actually come
from Docker instead of the organizations that own that particular piece of software.  It just
adds to the complexity.

> 3) If yes - how do we put the boundary - when image is acceptable? Are
> there any criteria we can use or/ constraints we can put on the
> licences/organizations releasing the images we want to make dependencies
> for released code of ours?

	License means everything.

> 4) If some images are not acceptable, shoud we bring them in and release
> them in a community-managed registry?

	For the Apache Yetus docker image, we're including everything that the project supports.

View raw message