On 10/27/20 1:33 PM, Ross Vandegrift wrote:
On Tue, Oct 27, 2020 at 12:00:54PM -0700, Paul Graydon wrote:
Okay, that sounds like a reasonable route forwards here. Are there any
restrictions around what we can/cannot do, while retaining the Debian
branding, as it were? For example, with the CentOS images (that we build
and publish), there are some tight restrictions around what we install in
the images. The main obvious thing there that I'd imagine applies with
Debian too, is no installation of packages of a different version for that
that is packaged and shipped by them in their repository (so no replacing
the kernel, systemd, etc. etc.), at least not while still referring to it as
"CentOS".
We've mentioned the first restriction: only components from Debian main
can be included. It's not just that you can't replace packaged
software, it's that all software must be packaged.
The second is that official images must be built on Debian-owned
hardware by the cloud team. As long as the tools get extended with OCI
support, our pipeline takes care of this.
Third (I think last?) - images must be distributed from an account that
Software in the Public Interest (spi-inc.org) owns and operates on
behalf of Debian. Debian's legal existence is unclear, so we need a
trusted entity to negotiate and accept agreements for operating on OCI.
This can be a challenging process - I wouldn't wait on it to start
technical work, if you decide to pursue an official image.
Ross
Okay, I'm getting confused here. These restrictions don't seem to match
with the previous message, so I'm assuming I misunderstood something. I
think this may hinge around what is meant by "official" images.
There are some distributions that don't want us to build and publish
images with their name and/or branding on them. They want to build and
provide official images to us themselves. Others, like CentOS, prefer
we build and publish on our platform while retaining their branding and
naming, provided we meet their baseline requirements as I've mentioned
before. They also build and host their own images outside of our
platform, https://cloud.centos.org/centos/, and publish what they
describe as "official images" to AWS and Docker.
When you say "Official" are you meaning similar perspective to CentOS?
We could build and distribute Debian images ourselves, but Official ones
would be ones that you publish?
The reason I ask this is because Noah's message seems almost at odds
with the restrictions you provided above:
> If you want to build derivitive images that are based on our
> configuration and associated tooling but have additional software
> installed, you are free to use our tooling and configuration as a
> starting point. This is, for example, how Google builds the images for
> GCE. This allows them to add their own additional apt repositories and
> software that is distributed outside the Debian archive.
It reads like Google is building images based off your tooling, adding
their own repositories and packages from them. Your first restriction
would suggest that they shouldn't be installing their own software, and
the second that images can only be made in your infrastructure. I guess
the third restriction ties in to that too, because if Google is building
and adding the packages, presumably it's not via an account that spi-inc
controls?
Just to be clear, I haven't seen anything so far by way of restrictions
that I would see being a blocker. There are a few different ways to
having Debian on our platform, and I'm trying to make sure we find a
route that best fits everyone's requirements.
Paul
