From builds-return-7162-archive-asf-public=cust-asf.ponee.io@apache.org Tue Jun 23 01:07:51 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 58B3B18057A for ; Tue, 23 Jun 2020 03:07:51 +0200 (CEST) Received: (qmail 36377 invoked by uid 500); 23 Jun 2020 01:07:50 -0000 Mailing-List: contact builds-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: builds@apache.org Delivered-To: mailing list builds@apache.org Received: (qmail 36360 invoked by uid 99); 23 Jun 2020 01:07:49 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Jun 2020 01:07:49 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id C9D4CC0241 for ; Tue, 23 Jun 2020 01:07:48 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.202 X-Spam-Level: X-Spam-Status: No, score=-0.202 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=effectivemachines.com Received: from mx1-he-de.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id Br1NPUdEeGpv for ; Tue, 23 Jun 2020 01:07:46 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=104.236.136.112; helo=effectivemachines.com; envelope-from=aw@effectivemachines.com; receiver= Received: from effectivemachines.com (effectivemachines.com [104.236.136.112]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id D00757D3FB for ; Tue, 23 Jun 2020 01:07:45 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by effectivemachines.com (Postfix) with ESMTP id 05D8E1648D5 for ; Mon, 22 Jun 2020 18:07:37 -0700 (PDT) Received: from effectivemachines.com ([127.0.0.1]) by localhost (effectivemachines.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id gruCucLl8dVV for ; Mon, 22 Jun 2020 18:07:36 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by effectivemachines.com (Postfix) with ESMTP id BD5D41648F1 for ; Mon, 22 Jun 2020 18:07:36 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.10.3 effectivemachines.com BD5D41648F1 X-ASF-DKIM-Sig: v=1; a=rsa-sha256; c=relaxed/relaxed; d=effectivemachines.com; s=D35149BA-5A53-11E6-AF53-2EA667C55D35; t=1592874456; bh=UNi72WU20iugDU+IVcHG0TFzGqX+TNFhOMuRxFk5P6Q=; h=From:Mime-Version:Date:To:Message-Id; b=kMG10sTpU9GW4Ns1O8q2uE9xU9MeBwgeBSr7/ETcZD2hi9qpOZ+hRVtUAa2dk5ym/ a1llc4J2Dlrk1eCmJBSjxUgH/vSAtxhrkdVDAm8kL0eBGblVg5n0VaERY3iP/8n8KK 3y4VTmVdH4vveZZn364VcE7tiPV2+AnOWLytnIDo= X-Virus-Scanned: amavisd-new at effectivemachines.com Received: from effectivemachines.com ([127.0.0.1]) by localhost (effectivemachines.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id EqzXBeeO1L18 for ; Mon, 22 Jun 2020 18:07:36 -0700 (PDT) Received: from [192.168.100.201] (108-193-1-249.lightspeed.sntcca.sbcglobal.net [108.193.1.249]) by effectivemachines.com (Postfix) with ESMTPSA id 928841648D5 for ; Mon, 22 Jun 2020 18:07:36 -0700 (PDT) From: Allen Wittenauer Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\)) Subject: Re: Controlling the images used for the builds/releases Date: Mon, 22 Jun 2020 18:07:34 -0700 References: To: builds@apache.org In-Reply-To: Message-Id: X-Mailer: Apple Mail (2.3445.104.14) > On Jun 22, 2020, at 6:52 AM, Jarek Potiuk = wrote: > 1) Is this acceptable to have a non-officially released image as a > dependency in released code for the ASF project? My understanding the bigger problem is the license of the dependency = (and their dependencies) rather than the official/unofficial status. = For Apache Yetus' test-patch functionality, we defaulted all of our = plugins to off because we couldn't depend upon GPL'd binaries being = available or giving the impression that they were required. By doing = so, it put the onus on the user to specifically enable features that = depends upon GPL'd functionality. It also pretty much nukes any idea of = being user friendly. :( > 2) If it's not - how do we determine which images are "officially > maintained". Keep in mind that Docker themselves brand their images as = 'official' when they actually come from Docker instead of the = organizations that own that particular piece of software. It just adds = to the complexity. > 3) If yes - how do we put the boundary - when image is acceptable? Are > there any criteria we can use or/ constraints we can put on the > licences/organizations releasing the images we want to make = dependencies > for released code of ours? License means everything. > 4) If some images are not acceptable, shoud we bring them in and = release > them in a community-managed registry? For the Apache Yetus docker image, we're including everything = that the project supports. *shrugs*