afs commented on issue #3165: URL: https://github.com/apache/jena/issues/3165#issuecomment-2859130128
There has been work recently on Fuseki to have a full function server - with UI, with admin functions - so that is something with stable functionality for a container. There are different uses: 1. Fuseki with UI. 2. Fuseki server, no UI. 3. Downstream UI customization. 4. Use in testing - presumable no UI. 5. As a base layer for downstream custom servers. (are there others?). Fuseki-with-UI has it's own implications - it needs admin access control (user/password). To make security solid, "no UI" might need to be different - don't ship the UI code, configure so the administration functions are robustly disabled. For the project, I think we need to consider the provenance chain from project to released container. There is how it's integrated into the release process so that the PMC is voting on the container(s). That could be voting on the scripts/actions to produce the container or voting on the container binary somehow. We can look at those other Apache projects and see what is best practice. The process should be reproducible - users may wish to build a container themselves, whether to avoid public global container registries or to verify container. (Docker builds are not byte-for-byte reproducible as I understand it.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
