Yeah, it looks like to be the state of the affairs anyway. I am not against adding UBI to the distribution, but I think it is fine if we keep both CentOS and UBI.
Regarding quay.io, it worth discussion in a separate thread. We can always update our release scripts to deploy to this platform, it is rather a question of the implementation cost and further maintenance overhead. Best regards, Oleg On Thursday, June 20, 2019 at 1:56:48 AM UTC+2, Scott McCarty wrote: > > Fred, > Yeah I just googled for Debian [1], Suse [2], Ubuntu [3]. They all > pretty much say the same thing. US Law, blah, blah, blag. Like I said, I am > now 99% sure the whole world is just "doing it wrong" and most entities > (projects, people, companies) are too small for the government to notice. > > I also scheduled a call with our legal export team to better understand > this myself. I need to be able to, at least describe it to communities, > partners and customers... > > Like I said, quay.io can manually turn on an enforcing feature if you > need it. I suspect DockerHub can too... > > [1]: Debian: https://www.debian.org/legal/cryptoinmain.en.html > [2]: Suse: https://www.suse.com/company/legal/terms-of-use/ > [3]: https://ubuntu.com/legal/ubuntu-advantage-service-terms > > Best Regards > Scott M > > On Wed, Jun 19, 2019, 6:16 PM Fred Blaise <[email protected] > <javascript:>> wrote: > >> Thank you Scott for going the extra mile. >> >> Your answer is what I expected it to be, and I would somehow concur on >> the fact that it's been around forever, but noone ever really cared. >> >> CentOS has them too, as you mentioned: https://www.centos.org/legal/ >> >> On Wed, Jun 19, 2019 at 3:45 PM Scott McCarty <[email protected] >> <javascript:>> wrote: >> >>> So, I went and did some research on this. Disclaimer, I am not a lawyer, >>> and Red Hat can't give specific legal advice. That said, these export >>> restrictions are in place and applicable no matter which base image you >>> choose/use (Alpine, CentOS, Debian, Ubuntu, etc). Essentially, the law is >>> the same no matter what, and can extend to non-US citizens as well (I >>> remember this from our yearly legal training) which I dread in December :-/ >>> >>> The difference here is that the UBI EULA is basically making people pay >>> attention to the problem now. Obviously, Red Hat is not going to be the >>> entity suing you if you break export compliance, it would be the US >>> government. Apparently, the whole world is "doing this wrong" today and >>> the world hasn't ended. I totally understand your nervousness with seeing >>> this in writing now. >>> >>> I tried to check the DockerHub FAQ [1], but it "looks" like they may >>> only be enforcing export compliance for their own products (they are an >>> entity that might be targeted). We are doing the same thing for quay.io >>> and I could talk to the quay people to have this turned on if you wanted to >>> distribute there (aka then quay.io would block those countries for >>> you). Quay.io has a roadmap item to give people a "check box" to turn this >>> on, but it doesn't exist yet and appears delayed. The short term solution >>> is "ask quay.io to turn it on behind the scenes" - sub optimal, but >>> still good that it's available. >>> >>> [1]: https://docs.docker.com/docker-hub/publish/publisher_faq/ >>> >>> Best Regards >>> Scott M >>> >>> >>> On Tuesday, June 18, 2019 at 2:42:00 PM UTC-4, Scott McCarty wrote: >>>> >>>> Oleg & Fred, >>>> Very good question. I am actually not sure myself, exactly what >>>> these restrictions mean. I am going to run it by one of our lawyers and >>>> get >>>> back to you. I will try and get more clarity... >>>> >>>> Best Regards >>>> Scott M >>>> >>>> On Tuesday, June 18, 2019 at 10:00:32 AM UTC-4, Oleg Nenashev wrote: >>>>> >>>>> FTR https://github.com/jenkinsci/docker/pull/826 for CentOS. >>>>> >>>>> Regarding UBI, I have the same concern as Fred. We have no tools to >>>>> enforce the Export limitations on DockerHub. I am also not sure that >>>>> restricting specific countries according to US laws is compliant with how >>>>> the Jenkins open-source project operates. IIRC we used to have >>>>> contributors >>>>> from the countries restricted by US. >>>>> >>>>> Best regards, >>>>> Oleg >>>>> >>>>> >>>>> On Monday, June 17, 2019 at 7:01:48 PM UTC+2, Fred Blaise wrote: >>>>>> >>>>>> Hi Scott, >>>>>> >>>>>> What do you think of the export restrictions in the EULA? (some ref: >>>>>> https://www.law.cornell.edu/cfr/text/15/740.17) >>>>>> >>>>>> Any chance you could confirm internally with Redhat that UBI is 100% >>>>>> fit for Jenkins open-source? >>>>>> >>>>>> Thank you. >>>>>> Best, >>>>>> fred >>>>>> >>>>>> On Wednesday, May 15, 2019 at 11:14:40 PM UTC+2, Scott McCarty wrote: >>>>>>> >>>>>>> All, >>>>>>> I saw this thread a while back, but couldn't respond until after >>>>>>> we launched UBI publicly. UBI follows the RHEL lifecycle, but has the >>>>>>> added >>>>>>> bonus that 1. new versions come out before CentOS and 2. receives >>>>>>> RHEL updates (exact same RPMS). You can build on think of it as CentOS+ >>>>>>> when ran anywhere, with the added bonus that it can be run on >>>>>>> RHEL/OpenShift and be fully supported by Red Hat. It's distributed >>>>>>> under a >>>>>>> different EULA than other Red Hat which does allow redistribution of >>>>>>> Red >>>>>>> Hat trademarks in the content set (YUM/RPMS, images, etc). Also, we >>>>>>> will >>>>>>> likely add packages in the future, but will never remove them. Feel >>>>>>> free to >>>>>>> ping me if you have any questions ([email protected]) or this >>>>>>> email... >>>>>>> >>>>>>> - >>>>>>> >>>>>>> >>>>>>> >>>>>>> https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image >>>>>>> - >>>>>>> >>>>>>> >>>>>>> >>>>>>> https://access.redhat.com/containers/#/product/5c180b28bed8bd75a2c29a63 >>>>>>> >>>>>>> Scott M (@fatherlinux) >>>>>>> >>>>>>> On Friday, May 10, 2019 at 4:09:56 AM UTC-4, Oleg Nenashev wrote: >>>>>>>> >>>>>>>> FYI there is a pull request for CentOS image in Jenkins Docker >>>>>>>> packages >>>>>>>> https://github.com/jenkinsci/docker/pull/826 >>>>>>>> >>>>>>>> On Wednesday, February 27, 2019 at 5:29:20 PM UTC+1, R Tyler Croy >>>>>>>> wrote: >>>>>>>>> >>>>>>>>> (replies inline) >>>>>>>>> >>>>>>>>> On Wed, 27 Feb 2019, Olblak wrote: >>>>>>>>> >>>>>>>>> > But I am wondering, instead of going with Centos why not using >>>>>>>>> this PPA <https://launchpad.net/~openjdk-r/+archive/ubuntu/ppa> >>>>>>>>> with ubuntu? >>>>>>>>> > This would imply a smaller breaking change >>>>>>>>> >>>>>>>>> I do not believe that Jenkins should rely on any PPA (Personal >>>>>>>>> Package >>>>>>>>> Archive), they have a tendency of growing stale unlike mainstream >>>>>>>>> official >>>>>>>>> packages. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> GitHub: https://github.com/rtyler >>>>>>>>> >>>>>>>>> GPG Key ID: 0F2298A980EE31ACCA0A7825E5C92681BEF6CEA2 >>>>>>>>> >>>>>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Jenkins Developers" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] <javascript:>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/jenkinsci-dev/6c0842d2-7e1c-4e00-97a0-3fea4eac979f%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/jenkinsci-dev/6c0842d2-7e1c-4e00-97a0-3fea4eac979f%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-dev/CAPNh5Ty7%3DoO%2BJCXaokqyPrthE4xKLZvG981b4dT%2BoH85f4XBaQ%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/jenkinsci-dev/CAPNh5Ty7%3DoO%2BJCXaokqyPrthE4xKLZvG981b4dT%2BoH85f4XBaQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/c7dd5f9f-c3b8-47d8-a3f4-4b42bab81f67%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
