Introduce policy for new images/packages (#2016)

* Introduce policy for new images/packages * Fix GitHub links * Upadte list
jupyter · Oct 27, 2023 · 2e35c52 · 2e35c52
1 parent df0464c
commit 2e35c52
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 0 deletions.
diff --git a/docs/index.rst b/docs/index.rst
@@ -32,6 +32,7 @@ Table of Contents
    :maxdepth: 2
    :caption: Maintainer Guide
 
+   maintaining/new-images-and-packages-policy
    maintaining/tasks
    maintaining/aarch64-runner
 

diff --git a/docs/maintaining/new-images-and-packages-policy.md b/docs/maintaining/new-images-and-packages-policy.md
@@ -0,0 +1,35 @@
+# Policy on adding new images and packages
+
+There are many things we consider, while adding new images and packages.
+
+Here is a non exhaustive list of things we do care about:
+
+1. **Software health**, details, and maintenance status
+   - reasonable versioning is adopted, and the version is considered to be stable
+   - has been around for several years
+   - the package maintains documentation
+   - a changelog is actively maintained
+   - a release procedure with helpful automation is established
+   - multiple people are involved in the maintenance of the project
+   - provides a `conda-forge` package besides a `pypi` package, where both are kept up to date
+   - supports both `x86_64` and `aarch64` architectures
+2. **Installation consequences**
+   - GitHub Actions build time
+   - Image sizes
+   - All requirements should be installed as well
+3. Jupyter Docker Stacks _**image fit**_
+   - new package or stack is changing (or inherits from) the most suitable stack
+4. **Software impact** for users of docker-stacks images
+   - How this image can help existing users, or maybe reduce the need to build new images
+5. Why it shouldn't just be a documented **recipe**
+6. Impact on **security**
+   - Does the package open additional ports, or add new web endpoints, that could be exploited?
+
+With all this in mind, we have a voting group, which consists of
+[mathbunnyru](https://github.com/mathbunnyru),
+[consideRatio](https://github.com/consideRatio),
+[yuvipanda](https://github.com/yuvipanda) and
+[manics](https://github.com/manics).
+
+This voting group is responsible for accepting or declining new packages and stacks.
+The change is accepted, if there are **at least 2 positive votes**.
diff --git a/docs/maintaining/tasks.md b/docs/maintaining/tasks.md
@@ -42,6 +42,7 @@ Pushing the `Run Workflow` button will trigger this process.
 ```{note}
 In general, we do not add new core images and ask contributors to either
 create a [recipe](../using/recipes.md) or [community stack](../contributing/stacks.md).
+We have a [policy](./new-images-and-packages-policy.md), which we consider when adding new images or new packages to existing images.
 ```
 
 You can see an example of adding a new image [here](https://github.com/jupyter/docker-stacks/pull/1936/files).