I totally agree with you that Docker images should be built from official source releases, unless they are clearly marked as unofficial SNAPSHOT releases and intended for testing. I'm just repeating what I've heard over and over again from various ASF members that the only official release is the source release; I'd don't agree with that point of view.
I'm curious what "built from the official source releases". Does that mean that you must create Docker images by downloading the official source release, verifying it's hash and then building image? Or, are you allowed to build your Docker images from the same SCM tag as was used to create the source release? Dave On Tue, Feb 5, 2019 at 5:23 AM Justin Mclean <jus...@classsoftware.com> wrote: > Hi, > > > My understanding is that only source-code releases are official releases. > > Binaries are just a convenience and not official, so I don't think you > have > > to worry about making images available via DockerHub, even if that is the > > primary way most people install. > > -1 the PMC can’t release unapproved code to the general public, this > mandated by ASF release policy and has been previous discussed here [1]. > > "It is appropriate to distribute official releases through downstream > channels, but inappropriate to distribute unreleased materials through > them.” > > Docker images MUST be built from our official source releases. > > Put it this way if a PPMC could just publish what they wanted to docker > at any time why bother with official release at all. > > Thanks, > Justin > > 1. https://issues.apache.org/jira/browse/LEGAL-270 > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > >
