Re: [tractusx-dev] Potential change to "Notice for Docker image" TRG

["Brunkow Moser, Mathias" <mathias.brunkowmoser@xxxxxxx>]

Classification: Public

 

Hi Sebastian,

 

I am also in favor, if there is a guideline on how to do it exactly 😊

 

Best regards,

 

 

 

 

 

Mathias Brunkow Moser | Software Engineer Lead Consultant

Catena-X, Industry 5.0 & Cybersecurity | CGI Deutschland B.V. & Co. KG

Leitzstraße, 45 | 70467 Stuttgart, Germany

M: + 49 1525 6723056

mathias.brunkowmoser@xxxxxxx | LinkedIn | www.cgi.com/de

 

 

    

 

Follow CGI at: Xing | LinkedIn | Twitter | Facebook | Instagram

 

CGI Deutschland B.V. KG, Leinfelder Straße 60, 70771 Leinfelden-Echterdingen |  Amtsgericht Stuttgart HRA 732235, Steuernummer: 97113/29861, Umsatzsteuer-Identifikationsnummer gemäß § 27 UStG: DE 114118368  |  Persönlich haftender Gesellschafter: CGI General Partner B.V., Rotterdam, Niederlande, KvK-Nr. 74017632   Geschäftsführer: Torsten Straß, Thomas Roth, Volker Katz, Francois Boulanger

 

Unsere Pflichtangaben gemäß § 35a GmbHG / §§ 161, 125a HGB finden Sie unter de.cgi.com/pflichtangaben

 

CONFIDENTIALITY NOTICE: Proprietary/Confidential Information belonging to CGI Group Inc. and its affiliates may be contained in this message. If you are not a recipient indicated or intended in this message (or responsible for delivery of this message to such person), or you think for any reason that this message may have been addressed to you in error, you may not use or copy or deliver this message to anyone else. In such case, you should destroy this message and are asked to notify the sender by reply e-mail.

 

From: tractusx-dev <tractusx-dev-bounces@xxxxxxxxxxx> On Behalf Of Gurschler Evelyn, FG-222 via tractusx-dev
Sent: Friday, January 19, 2024 1:47 PM
To: tractusx developer discussions <tractusx-dev@xxxxxxxxxxx>
Cc: Gurschler Evelyn, FG-222 <Evelyn.Gurschler@xxxxxx>
Subject: Re: [tractusx-dev] Potential change to "Notice for Docker image" TRG

 

EXTERNAL SENDER: Do not click any links or open any attachments unless you trust the sender and know the content is safe.
EXPÉDITEUR EXTERNE: Ne cliquez sur aucun lien et n’ouvrez aucune pièce jointe à moins qu’ils ne proviennent d’un expéditeur fiable, ou que vous ayez l'assurance que le contenu provient d'une source sûre.

 

Hi Sebastian,

 

I’m in favor of having a dedicated notice file, it’s more transparent.

 

Kind regards,

Evelyn

 

From: tractusx-dev <tractusx-dev-bounces@xxxxxxxxxxx> on behalf of "sebastian.bezold--- via tractusx-dev" <tractusx-dev@xxxxxxxxxxx>
Reply to: tractusx developer discussions <tractusx-dev@xxxxxxxxxxx>
Date: Thursday, 18. January 2024 at 10:14
To: "tractusx-dev@xxxxxxxxxxx" <tractusx-dev@xxxxxxxxxxx>
Cc: "sebastian.bezold@xxxxxxxxxxxxxxxxx" <sebastian.bezold@xxxxxxxxxxxxxxxxx>
Subject: [tractusx-dev] Potential change to "Notice for Docker image" TRG

 

Sent from outside the BMW organization - be CAUTIOUS, particularly with links and attachments.

Absender außerhalb der BMW Organisation - Bitte VORSICHT beim Öffnen von Links und Anhängen.

---

Hi all,

 

the Consortia System Team is currently thinking about a potential adjustment of our TRG 4.06 – Notice for docker images.

 

This TRG describes a necessary section with information about our container base images, that we provide in our repositories and also on our container image pages on DockerHub.

The notice section is currently allowed to be contained in either the top-level README.md, or in a dedicated file, without any restrictions on where this file should be kept in the repo.

 

The potential change to the TRG, that I want to get your opinion on, before providing a change proposal is the following:

 

We want to ALWAYS have the Notice for docker image section in a DEDICATED file instead of the top-level README.md.

The top-level README.md should still link the the notice (or notices in case you publish more than one image).

 

I see the following advantages in this:

• A dedicated markdown file, that is pushed as DockerHub description can be much better adapted for the specific audience than the repo README.md
  Only “how to use this image” instead of also “how to setup local repo” for example
• Emphasis on important things like “use on your own risk” disclaimers are more prominent and don’t get lost in a long README.md

 

So all in all, I think there would be some benefits, with only small amount of work for the repos that have their notice in the top-level README.md

 

But what do you think? Does it make sense to make this mandatory by adapting the TRG?

 

Thanks for your feedback!

 

Sebastian

If you are not the addressee, please inform us immediately that you have received this e-mail by mistake, and delete it. We thank you for your support.