On Thu, Oct 10, 2019 at 03:02:48PM +0100, Marcin Kulisz wrote: > > This is only email I got about this, so maybe I'm missing something > > here. But - is this something we shold talk about during sprint next > > week? > > IMO it makes sense to have a chat about it. If we want Debian to be more > visible and used it wouldn't hurt to do that. > > But I think problem in here is going to be not with technicalities per se but > with bringing people working on docker images to the team.
Assuming SPI has signed off on the user agreements for AWS marketplace access, we'll probably want to spend time on that topic in general, and ideally get the buster AMIs listed there. We should keep container image publication in mind as we work on that. One thing that's worth talking about, regardless of whether the Docker image maintainers are part of the cloud team or not, is how we control access to the marketplace publication process. At present, the only way to publish is via the web console. Access is controlled by IAM permissions, and we'll need to determine whether or not the permissions allow us to control publication access on a granualar enough basis to suit our needs. [1] Roles that can publish AMIs should not necessarily have the ability to publish container images, and vice versa. At the moment, I'm not sure if that's possible, since there aren't distinct actions for AMI publication and image publication, and resource level access isn't supported, so we might have to figure something out. [2] noah 1. https://docs.aws.amazon.com/marketplace/latest/userguide/detailed-management-portal-permissions.html 2. https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsmarketplacecatalog.html
