On Tue, Jun 23, 2015 at 5:20 PM, Ross Gardler (MS OPEN TECH) < ross.gard...@microsoft.com> wrote:
> There is nothing preventing "clearly identifiable non-release artifacts > available to the general public". Many projects make automated nightly > builds available for example. > > The release policy expressly says that nightly builds must not be made available to general public. It's my understanding that the reason the foundation can provide indemnification (to both commiters/PMC and downstream) is the fact that PMCs vote on releases under their delegated authority from the board. If the boundary for public use moves from "voted on by a PMC" to "voted on by a PMC or labeled as non-release" what are the ramifications? While I agree that this is a general issue that should be discussed, an example might help. This discussion started because the Geode PMC is publishing a docker artifact from their nightly builds and then pointing the general public to make use of that image. They have no released artifacts, so any downstream user necessarily will be using those non-vetted artifacts. Downstream developers and users *will* take the path of lease resistance. If that PMC wanted to continue relying on a binary docker image for community outreach indefinitely, would that be okay? If they wanted to rely on it and only have PMC blessed releases quarterly? -- Sean
