Hi,
Another spinoff from the graduation discussion on the incubator general list relates to our project's use of dockerhub. We were pointed to a set of (unofficial) distribution guidelines [1] that seem fairly sensible to me. I've inlined the docker portion of [1] at the end of this email. Summarizing, I think there are at least 2 (and perhaps 3) action items for us to consider and implement. 1. One set of actions is a per-image standardization of the dockerhub metadata for that image (overview, Dockerfile, disclaimer, etc). Many of our images lack this consistent metadata. A little tedious, but not that big of a deal. 2. The big item is that I believe we need to re-engineer our CI/CD process across all of our git repos to replace the use of the 'latest' tag with 'nightly' (or similar). This is going to be tedious and labor intensive for us, but given the special treatment of 'latest' by docker pull I believe it to be unavoidable. It is a sound principle that a tagless 'docker pull openwhisk/<some-image>' by a user should get an artifact that corresponds to an official release. I believe the best implementation for this is having 'latest' be an alias for the most current official release, not as an alias for the latest nightly build. 3. Once we have addressed (1) and (2), we should consider opening a legal discuss thread to see if we can continue to use /u/openwhisk (with clear branding that /u/openwhisk is an official distribution channel from the Apache OpenWhisk (P)PMC) or if we must migrate to /u/apacheopenwhisk or similar. --dave [1] https://cwiki.apache.org/confluence/display/INCUBATOR/DistributionGuidelines Docker Artifacts need to be placed in https://hub.docker.com/r/apache/<project> or https://hub.docker.com/u/apache<project>/<project> To comply with ASF release and distributions please ensure the following: The overview should include the incubator disclaimer. The docker file (if it exists) should include an ASF header. The docker file (if it exists) should include the incubator disclaimer. docker pull apache/<project> should not install an artifact containing unapproved code. Release candidates, nightlies or snapshots need to be clearly tagged. The latest tag should not point to an artifact containing unapproved code e.g. to master or dev branches or to a RC or snapshot.
