Hello Apache legal,
I've just had a discussion with my colleagues around publishing artifacts with code thats outside of the control of the Apache project. The use case is the following:
Our project does not only offer the source releases using the typical Apache process but also prepackaged convenience releases to distribution platforms like Maven or PyPi.
The current idea is to add support for DockerHub. For this, a new (non-trivial) pipeline would be created and used to generate the images and publish them to DockerHub. The developers do not want to donate the source of that pipeline to the Apache project and instead want to maintain their own public GitHub repository that's under their control. The code would still be under the Apache 2 license, but the project's committers and PMC members would have no permissions to it.
How is the situation here?
- Are these outside contributors allowed to publish these Docker images to DockerHub under the brand of Apache MXNet without being a PMC member?
- Would the permission of a PMC member be sufficient to allow them the publishing although the source code is still outside of the PMCs control?
- Would it be sufficient if just one PMC member has control over that source code?
- Would it be sufficient if the person who publishes the images is a PMC member?
- Would it be allowed to publish the images under a different name than Apache MXNet?
Thanks for your assistance!