Policy on adding new images and packages#
There are many things we consider while adding new images and packages.
Here is a non-exhaustive list of things we do care about:
Software health, details, and maintenance status
reasonable versioning is adopted, and the version is considered to be stable
has been around for several years
the package maintains documentation
a changelog is actively maintained
a release procedure with helpful automation is established
multiple people are involved in the maintenance of the project
provides a
conda-forge
package besides apypi
package, where both are kept up to datesupports both
x86_64
andaarch64
architectures
Installation consequences
GitHub Actions build time
Image sizes
All requirements should be installed as well
Jupyter Docker Stacks image fit
new package or stack is changing (or inherits from) the most suitable stack
Software impact for users of docker-stacks images
How this image can help existing users, or maybe reduce the need to build new images
Why it shouldn’t just be a documented recipe
Impact on security
Does the package open additional ports, or add new web endpoints, that could be exploited?
With all this in mind, we have a voting group, that consists of @mathbunnyru, @consideRatio, @yuvipanda, and @manics.
This voting group is responsible for accepting or declining new packages and stacks. The change is accepted, if there are at least 2 positive votes.