Hi Sebastian,
 
I’m in favor of having a dedicated notice file, it’s more transparent.
 
Kind regards,
Evelyn
 
From:
tractusx-dev <tractusx-dev-bounces@xxxxxxxxxxx> on behalf of "sebastian.bezold--- via tractusx-dev" <tractusx-dev@xxxxxxxxxxx>
Reply to: tractusx developer discussions <tractusx-dev@xxxxxxxxxxx>
Date: Thursday, 18. January 2024 at 10:14
To: "tractusx-dev@xxxxxxxxxxx" <tractusx-dev@xxxxxxxxxxx>
Cc: "sebastian.bezold@xxxxxxxxxxxxxxxxx" <sebastian.bezold@xxxxxxxxxxxxxxxxx>
Subject: [tractusx-dev] Potential change to "Notice for Docker image" TRG
 
|  | Sent from outside the BMW organization
 - be CAUTIOUS, particularly with links and attachments.  |  | Absender außerhalb der BMW Organisation
 - Bitte VORSICHT beim Öffnen von Links und Anhängen.  | 
 
Hi all,
 
the Consortia System Team is currently thinking about a potential adjustment of our
TRG 4.06 – Notice for docker images.
 
This TRG describes a necessary section with information about our container base images, that we provide in our repositories and also on our container image pages on DockerHub.
The notice section is currently allowed to be contained in either the top-level README.md, or in a dedicated file, without any restrictions on where this file should be kept in the repo.
 
The potential change to the TRG, that I want to get your opinion on, before providing a change proposal is the following:
 
We want to ALWAYS have the Notice for docker image section in a DEDICATED file instead of the top-level README.md.
The top-level README.md should still link the the notice (or notices in case you publish more than one image).
 
I see the following advantages in this:
- A dedicated markdown file, that is pushed as DockerHub description can be much better adapted for the specific audience than the repo README.md
 Only “how to use this image” instead of also “how to setup local repo” for example
- Emphasis on important things like “use on your own risk” disclaimers are more prominent and don’t get lost in a long README.md
 
So all in all, I think there would be some benefits, with only small amount of work for the repos that have their notice in the top-level README.md
 
But what do you think? Does it make sense to make this mandatory by adapting the TRG?
 
Thanks for your feedback!
 
Sebastian
| If you are not the addressee, please inform us immediately that you have received this e-mail by mistake, and delete it. We thank you for your support.
 |