pages/guides/distrubution.ad - incubator - Git at Google

 //Licensed under the Apache License, Version 2.0 (the "License");
 //you may not use this file except in compliance with the License.
 //You may obtain a copy of the License at
 //
 //http://www.apache.org/licenses/LICENSE-2.0
 //
 //Unless required by applicable law or agreed to in writing, software
 //distributed under the License is distributed on an "AS IS" BASIS,
 //WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 //See the License for the specific language governing permissions and
 //limitations under the License.
 = Distribution Guidelines
 Apache Incubator PMC
 2020-5-10
 :jbake-type: pmcGuide
 :jbake-status: published
 :idprefix:
 :toc:
 :imagesdir: ../images/


 Skip to end of metadata
 Created by ASF Infrabot, last modified by Justin Mclean on Jul 14, 2020
 Go to start of metadata

 Guidelines to help you comply with the ASF distribution policies

 One of the goals of incubation is to teach podling communities how to build and distribute ASF-compliant releases. A podling community should begin to familiarise themselves with the ASF policies for distribution. Those policies can be found at https://infra.apache.org/release-distribution. The following will help you comply with current policy.

 == Motivation
 The ASF is responsible for providing software which can be used in accordance with our license. Code or artifacts built from code without clean IP can mean that code that doesn't belong to us slips into users projects. This would expose our users and the ASF to the risk of lawsuit. One purpose of the incubating process and its release process is to ensure that our users can trust our projects. Releasing artifacts built from code that hasn't been approved by the IPMC circumvents this process. It robs the PPMC of learning opportunities. It increases the likelihood that we might accidentally betray the trust of our users.
 At the same time binary artifacts on distribution platforms are important to our users for a wide variety of reasons. This document is intended to balance these priorities. If you believe you have a case in which this document is inadequate to your situation please bring this to our attention by mailing either general@incubator.apache.org or private@incubator.apache.org

 == Release Platforms
 In addition to the Apache mirror system incubating projects may distribute artifacts on other platforms as long as they follow these general guidelines:
 * Releases must be placed in the Apache mirror system.
 * Source releases and convenience binaries need to be made from IPMC and PPMC approved ASF releases.
 * Where possible it should be pointed out that Apache project make source releases and convenience binaries are just a convenience for end user.
 * Convenience binaries need to follow licensing policy and not include any category X licensed software.
 * Convenience binaries should be signed and have hashes to verify their contents.
 * Release candidates, nightlys and snapshots must not be advertised to the general public.
 * Apache project branding and naming needs to be respected.
 * It should be clear that the artifacts are under the ALv2 license.
 * An incubating disclaimer must be clearly displayed where the artifacts are made available.
 * All PPMC members must have access to administer the platform and the credentials recorded where any PPMC member can access them.
 * Where possible these artifacts should not be referred to as releases.
 * Where possible use platforms officially supported by Infra.
 All of the above SHOULD be followed. The podling can ask the IPMC for permission to do otherwise.

 **Currently only Github, Dockerhub, and Maven are officially supported by Infra.**

 == Maven distribution
 To comply with ASF release and distributions please ensure the following:
 * The project description should include the incubator disclaimer.
 * Artifacts should be under the groupId of org.apache.<project>.
 * The official release artifacts should not contain unapproved code.
 * Release candidates, nightlys or snapshots need to be clearly marked by adding suffix in its version, like `org.apache.<project>.<component>:0.1-SNAPSHOT`
 * The POM file should set the ALv2 license as its license, Apache <project> as its developer name, and proper source control information.
 * Additional guidelines and process for releasing Maven components can be found link:https://infra.apache.org/publishing-maven-artifacts.html[on this infra page].

 == GitHub
 Artifacts show up on https://github.com/apache/incubator-<project>/releases.
 To comply with ASF release and distributions please ensure the following:
 * Any releases need to include the text of the incubation disclaimer.
 * The release page must not contain release candidates, nightly or snapshots releases that have not been tagged as prereleases. (Ignoring that GitHub also displays tags on the release page.)
 * Any releases that exist before coming into incubation need to be clearly described on the release page and tagged as such on https://github.com/apache/incubator-<project>/tags.
 * Release candidates, nightlys or snapshots releases can be tagged and appear on https://github.com/apache/incubator-<project>/tags.

 == Docker
 Artifacts need to be placed in https://hub.docker.com/r/apache/<project> or https://hub.docker.com/u/apache<project>/<project>.
 To comply with ASF release and distributions please ensure the following:
 * The overview should include the incubator disclaimer.
 * The docker file (if it exists) should include an ASF header.
 * The docker file (if it exists) should include the incubator disclaimer.
 * docker pull apache/<project> should not install an artifact containing unapproved code.
 * Release candidates, nightlys or snapshots need to be clearly tagged.
 * The latest tag should not point to an artifact containing unapproved code e.g. to master or dev branches or to a RC or snapshot.


 == NPM
 Artifacts show up on https://www.npmjs.com/package/apache-<project> version page.
 * To comply with ASF release and distributions please ensure the following:
 * The readme tab needs to include the text of the incubation disclaimer.
 * npm install apache<project> should not install an artifact containing unapproved code.
 * The latest release should not point to an artifact containing unapproved code e.g. a release candidate or snapshot.
 * Release candidates, nightlys or snapshots need to be clearly tagged.
 * The license field should display the ALv2 license.


 == PyPI
 * Artifacts need to be placed in https://pypi.org/project/apache-<project>.
 * To comply with ASF release and distributions please ensure the following:
 * The project description should include the incubator disclaimer.
 * pip install apache<project> should not install an artifact containing unapproved code.
 * Release candidates, nightlys or snapshots need to be clearly tagged as pre-release on https://pypi.org/project/apache-<project>/#history
 * The latest version should not point to an artifact containing unapproved code e.g. to a release candidate or snapshot
 * The meta license field should display the ALv2 license.
	//Licensed under the Apache License, Version 2.0 (the "License");
	//you may not use this file except in compliance with the License.
	//You may obtain a copy of the License at
	//
	//http://www.apache.org/licenses/LICENSE-2.0
	//
	//Unless required by applicable law or agreed to in writing, software
	//distributed under the License is distributed on an "AS IS" BASIS,
	//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	//See the License for the specific language governing permissions and
	//limitations under the License.
	= Distribution Guidelines
	Apache Incubator PMC
	2020-5-10
	:jbake-type: pmcGuide
	:jbake-status: published
	:idprefix:
	:toc:
	:imagesdir: ../images/


	Skip to end of metadata
	Created by ASF Infrabot, last modified by Justin Mclean on Jul 14, 2020
	Go to start of metadata

	Guidelines to help you comply with the ASF distribution policies

	One of the goals of incubation is to teach podling communities how to build and distribute ASF-compliant releases. A podling community should begin to familiarise themselves with the ASF policies for distribution. Those policies can be found at https://infra.apache.org/release-distribution. The following will help you comply with current policy.

	== Motivation
	The ASF is responsible for providing software which can be used in accordance with our license. Code or artifacts built from code without clean IP can mean that code that doesn't belong to us slips into users projects. This would expose our users and the ASF to the risk of lawsuit. One purpose of the incubating process and its release process is to ensure that our users can trust our projects. Releasing artifacts built from code that hasn't been approved by the IPMC circumvents this process. It robs the PPMC of learning opportunities. It increases the likelihood that we might accidentally betray the trust of our users.
	At the same time binary artifacts on distribution platforms are important to our users for a wide variety of reasons. This document is intended to balance these priorities. If you believe you have a case in which this document is inadequate to your situation please bring this to our attention by mailing either general@incubator.apache.org or private@incubator.apache.org

	== Release Platforms
	In addition to the Apache mirror system incubating projects may distribute artifacts on other platforms as long as they follow these general guidelines:
	* Releases must be placed in the Apache mirror system.
	* Source releases and convenience binaries need to be made from IPMC and PPMC approved ASF releases.
	* Where possible it should be pointed out that Apache project make source releases and convenience binaries are just a convenience for end user.
	* Convenience binaries need to follow licensing policy and not include any category X licensed software.
	* Convenience binaries should be signed and have hashes to verify their contents.
	* Release candidates, nightlys and snapshots must not be advertised to the general public.
	* Apache project branding and naming needs to be respected.
	* It should be clear that the artifacts are under the ALv2 license.
	* An incubating disclaimer must be clearly displayed where the artifacts are made available.
	* All PPMC members must have access to administer the platform and the credentials recorded where any PPMC member can access them.
	* Where possible these artifacts should not be referred to as releases.
	* Where possible use platforms officially supported by Infra.
	All of the above SHOULD be followed. The podling can ask the IPMC for permission to do otherwise.

	Currently only Github, Dockerhub, and Maven are officially supported by Infra.

	== Maven distribution
	To comply with ASF release and distributions please ensure the following:
	* The project description should include the incubator disclaimer.
	* Artifacts should be under the groupId of org.apache.<project>.
	* The official release artifacts should not contain unapproved code.
	* Release candidates, nightlys or snapshots need to be clearly marked by adding suffix in its version, like `org.apache.<project>.<component>:0.1-SNAPSHOT`
	* The POM file should set the ALv2 license as its license, Apache <project> as its developer name, and proper source control information.
	* Additional guidelines and process for releasing Maven components can be found link:https://infra.apache.org/publishing-maven-artifacts.html[on this infra page].

	== GitHub
	Artifacts show up on https://github.com/apache/incubator-<project>/releases.
	To comply with ASF release and distributions please ensure the following:
	* Any releases need to include the text of the incubation disclaimer.
	* The release page must not contain release candidates, nightly or snapshots releases that have not been tagged as prereleases. (Ignoring that GitHub also displays tags on the release page.)
	* Any releases that exist before coming into incubation need to be clearly described on the release page and tagged as such on https://github.com/apache/incubator-<project>/tags.
	* Release candidates, nightlys or snapshots releases can be tagged and appear on https://github.com/apache/incubator-<project>/tags.

	== Docker
	Artifacts need to be placed in https://hub.docker.com/r/apache/<project> or https://hub.docker.com/u/apache<project>/<project>.
	To comply with ASF release and distributions please ensure the following:
	* The overview should include the incubator disclaimer.
	* The docker file (if it exists) should include an ASF header.
	* The docker file (if it exists) should include the incubator disclaimer.
	* docker pull apache/<project> should not install an artifact containing unapproved code.
	* Release candidates, nightlys or snapshots need to be clearly tagged.
	* The latest tag should not point to an artifact containing unapproved code e.g. to master or dev branches or to a RC or snapshot.


	== NPM
	Artifacts show up on https://www.npmjs.com/package/apache-<project> version page.
	* To comply with ASF release and distributions please ensure the following:
	* The readme tab needs to include the text of the incubation disclaimer.
	* npm install apache<project> should not install an artifact containing unapproved code.
	* The latest release should not point to an artifact containing unapproved code e.g. a release candidate or snapshot.
	* Release candidates, nightlys or snapshots need to be clearly tagged.
	* The license field should display the ALv2 license.


	== PyPI
	* Artifacts need to be placed in https://pypi.org/project/apache-<project>.
	* To comply with ASF release and distributions please ensure the following:
	* The project description should include the incubator disclaimer.
	* pip install apache<project> should not install an artifact containing unapproved code.
	* Release candidates, nightlys or snapshots need to be clearly tagged as pre-release on https://pypi.org/project/apache-<project>/#history
	* The latest version should not point to an artifact containing unapproved code e.g. to a release candidate or snapshot
	* The meta license field should display the ALv2 license.