Le 24/06/15 09:19, Rob Vesse a écrit : > Personally I think the policy should be clarified such that nightly > builds MUST only live on ASF infrastructure
Non sense. Nightly built can stay wherever is suitable. It's not The ASF business anyway, The ASF does not endorse nighly build or non-release packages. > (whether that be the Nexus SNAPSHOTs repo, committer web space etc). > As soon as you start putting them on external services like DockerHub > then they are potentially widely visible to the general public. Not a problem, as soon as you don't advertize them. People are grown up adults that know what to do with such builds, would they found them somwhere which is not advertized as an Apache official release. > Going back to the example of libraries published as Maven artifacts > for those projects already publishing SNAPSHOTs these only get > published to the Apache Nexus server (repository.apache.org) and are > not synced to Maven central. So ? SNAPSHOTs are visible, anyone can download them, and they are not endorsed by apache. They are just stored there because it's convenient, not because it's official or whatever makes an ASF release. Pushing your reasoning to its limit would force any Apache project to push non-release packages to a protected area, for committers only. Not even close to what's going to happen, any time soon, I hope. > People who want to consume those artifacts have to explicitly > configure their Maven setup to enable Apache SNAPSHOTs. For me this is > a sufficient barrier to distinguish between "developers" and "users". Users download official releases from the Apache web site, and The ASF is only responsible for what is inside those released packages. It's enough to avoid pretending that a non-release package or a SNAPSHOT is *not* a release to protect The ASF *and* its users, which is the only important thing so far. > FWIW if someone has made the effort to join the mailing list and > report a bug which we then want to ask them to test a fix for then > they are clearly in the developer category (or more accurately they > are a contributor) and I would have no problem to pointing them to the > nightly builds so they could do this. However putting stuff out there > on an external hosting service that is widely accessible seems to go > against the spirit (and likely the letter) of the policy Rob This is just against *your* perception of what is the spirit. Pushing some SNAPSHOT or non-release package somwhere convenient for people to check that it's correct is just part of the dev process, as far as we don't claim it's a release and we don't push people to use it as official releases. Adding another layer by asking those packages to be pushed on a ASF infrastructure is just making things harder for the developpers. We don't need that, The ASF does not require that. --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
