Re: Status of Debian accounts and legal agreements with cloud providers
Hi On Sun, Apr 07, 2019 at 11:10:45PM +0200, Bastian Blank wrote: > > I've found the relevant part of our puppet config and it's clearly > > straightforward, so I can get this address added to SPI's mail config as > > soon as Debian confirms which debian.org addresses (roles/aliases/lists > > preferred but individuals OK too) should be on it. > Aye. I'll ask DSA to create an alias, for now including: This was implemented in the meantime, please use cloudaccou...@debian.org. Regards, Bastian -- Even historians fail to learn from history -- they repeat the same mistakes. -- John Gill, "Patterns of Force", stardate 2534.7
Re: Status of Debian accounts and legal agreements with cloud providers
Bastian Blank wrote: > > I've found the relevant part of our puppet config and it's clearly > > straightforward, so I can get this address added to SPI's mail config as > > soon as Debian confirms which debian.org addresses (roles/aliases/lists > > preferred but individuals OK too) should be on it. > > Aye. I'll ask DSA to create an alias, for now including: > - 93sam > - lfilipoz > - serpent > - kula > - noahm > - waldi > - (leader?) (Yes on the last one given the non-standard nature of the arrangement and possible legal foo. We can always remove it later...) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org chris-lamb.co.uk `-
Re: Status of Debian accounts and legal agreements with cloud providers
Hi Jimmy On Sun, Apr 07, 2019 at 01:31:11PM -0400, Jimmy Kaplowitz wrote: > > We need at least three different email addresses for AWS (one per > > account), > Are you saying that AWS doesn't allow multiple accounts to share an > owner email address? Anyway, not a big deal with address extensions. > Good idea. Yes, AWS uses the e-mail address as account identifier. So one e-mail address, one account. > I've found the relevant part of our puppet config and it's clearly > straightforward, so I can get this address added to SPI's mail config as > soon as Debian confirms which debian.org addresses (roles/aliases/lists > preferred but individuals OK too) should be on it. Aye. I'll ask DSA to create an alias, for now including: - 93sam - lfilipoz - serpent - kula - noahm - waldi - (leader?) > > plus one for Amazon. > Was this meant to be "plus one for Azure"? Yes, I meant Azure. Regards, Bastian -- Either one of us, by himself, is expendable. Both of us are not. -- Kirk, "The Devil in the Dark", stardate 3196.1
Re: Status of Debian accounts and legal agreements with cloud providers
On Thu, Apr 04, 2019 at 11:50:57PM +0200, Bastian Blank wrote: > On Thu, Apr 04, 2019 at 05:39:53PM -0400, Jimmy Kaplowitz wrote: > > Since Amazon wants the email address to correspond to SPI rather than > > Debian (i.e. if Debian were to leave SPI a new account would be needed), > > Urgs, but okay. > > > I was thinking of something like: > > debian-cloud-accou...@spi-inc.org > > where the members of that alias would include: > > Does the spi-inc.org setup supports address extensions, so we can use > something like debian-cloud-accounts[+-]azure@ and > debian-cloud-accounts[+-]aws-image@? Yes, it's postfix with "recipient_delimiter = +" in main.cf. > > I was thinking of using the same @spi-inc.org alias for AWS and Azure > > for simplicity; > > We need at least three different email addresses for AWS (one per > account), Are you saying that AWS doesn't allow multiple accounts to share an owner email address? Anyway, not a big deal with address extensions. Good idea. I've found the relevant part of our puppet config and it's clearly straightforward, so I can get this address added to SPI's mail config as soon as Debian confirms which debian.org addresses (roles/aliases/lists preferred but individuals OK too) should be on it. > plus one for Amazon. Was this meant to be "plus one for Azure"? > > using a cloud-neutral alias would also make sense to me > > on the Debian side, but I don't feel strongly about that. > > Yeah. - Jimmy Kaplowitz presid...@spi-inc.org
Re: Status of Debian accounts and legal agreements with cloud providers
On Thu, Apr 04, 2019 at 05:39:53PM -0400, Jimmy Kaplowitz wrote: > Since Amazon wants the email address to correspond to SPI rather than > Debian (i.e. if Debian were to leave SPI a new account would be needed), Urgs, but okay. > I was thinking of something like: > debian-cloud-accou...@spi-inc.org > where the members of that alias would include: Does the spi-inc.org setup supports address extensions, so we can use something like debian-cloud-accounts[+-]azure@ and debian-cloud-accounts[+-]aws-image@? > I was thinking of using the same @spi-inc.org alias for AWS and Azure > for simplicity; We need at least three different email addresses for AWS (one per account), plus one for Amazon. > using a cloud-neutral alias would also make sense to me > on the Debian side, but I don't feel strongly about that. Yeah. Regards, Bastian -- You! What PLANET is this! -- McCoy, "The City on the Edge of Forever", stardate 3134.0
Re: Status of Debian accounts and legal agreements with cloud providers
On Thu, Apr 04, 2019 at 07:51:22PM +0100, Marcin Kulisz wrote: > On 2019-04-04 18:08:27, Bastian Blank wrote: > > Hi Jimmy > > > > On Wed, Mar 20, 2019 at 02:52:23AM -0400, Jimmy Kaplowitz wrote: > > > On Fri, Mar 15, 2019 at 05:43:59PM -0400, Chris Lamb wrote: > > > > Let me know if this stalls; I can put you in touch with someone on > > > > the Azure team. > > > > The Azure team asked some time ago for an email address to attach as > > owner to those accounts. Also we need that to attach AWS accounts. Do > > we have this address in the meantime? > > I don't think so. Amazon confirmed that it should be an SPI address (rather than a Debian address) but it can certainly include Debian aliases or people on the list. Can you give me a list of @debian.org entries to be in an @spi-inc.org email alias? I can get that sorted within the next week. - Jimmy Kaplowitz presid...@spi-inc.org
Re: Status of Debian accounts and legal agreements with cloud providers
On Thu, Apr 04, 2019 at 07:51:22PM +0100, Marcin Kulisz wrote: > > > > Let me know if this stalls; I can put you in touch with someone on > > > > the Azure team. > > > > The Azure team asked some time ago for an email address to attach as > > owner to those accounts. Also we need that to attach AWS accounts. Do > > we have this address in the meantime? > > I don't think so. Some time ago (following the 2017 cloud sprint, IIRC), we created aws-ad...@debian.org. See #7163 in rt.debian.org, if you have access to that. This was created with a less well-developed understanding of our account needs than what we came up with at the 2018 sprint, but it is not currently being used for anything and we can easily repurpose it for the new AWS accounts. Per the original request, the membership should be: noahm jeb 93sam kula We should probably add the cloud delegates and (maybe?) an SPI representative to it if we're going to use it. Messages to that alias are being archived at master.d.o:~debian noah
Re: Status of Debian accounts and legal agreements with cloud providers
On 2019-04-04 18:08:27, Bastian Blank wrote: > Hi Jimmy > > On Wed, Mar 20, 2019 at 02:52:23AM -0400, Jimmy Kaplowitz wrote: > > On Fri, Mar 15, 2019 at 05:43:59PM -0400, Chris Lamb wrote: > > > Let me know if this stalls; I can put you in touch with someone on > > > the Azure team. > > The Azure team asked some time ago for an email address to attach as > owner to those accounts. Also we need that to attach AWS accounts. Do > we have this address in the meantime? I don't think so. -- |_|0|_| | |_|_|0| "Panta rei" | |0|0|0| kuLa | gpg --keyserver pgp.mit.edu --recv-keys 0x686930DD58C338B3 3DF1 A4DF C732 4688 38BC F121 6869 30DD 58C3 38B3 signature.asc Description: PGP signature
Re: Status of Debian accounts and legal agreements with cloud providers
Hi Jimmy On Wed, Mar 20, 2019 at 02:52:23AM -0400, Jimmy Kaplowitz wrote: > On Fri, Mar 15, 2019 at 05:43:59PM -0400, Chris Lamb wrote: > > Let me know if this stalls; I can put you in touch with someone on > > the Azure team. The Azure team asked some time ago for an email address to attach as owner to those accounts. Also we need that to attach AWS accounts. Do we have this address in the meantime? Regards, Bastian -- We fight only when there is no other choice. We prefer the ways of peaceful contact. -- Kirk, "Spectre of the Gun", stardate 4385.3
Re: Status of Debian accounts and legal agreements with cloud providers
Hi everyone, On Fri, Mar 15, 2019 at 05:43:59PM -0400, Chris Lamb wrote: > Let me know if this stalls; I can put you in touch with someone on > the Azure team. On Fri, Mar 15, 2019 at 03:28:22PM -0700, Jose Miguel Parrella wrote: > I'm on the list as well, and I've pinged internally on this. On Fri, Mar 15, 2019 at 11:54:33PM +0100, Martin Zobel-Helas wrote: > My contact would had been Stephen Zarkos, too. On Fri, Mar 15, 2019 at 03:57:42PM -0700, Joshua R. Poulson wrote: > And, I'm watching as well, of course. --jrp The delays from everyone being busy and fitting this into secondary-priority slots of time are compounding, even though everyone is genuinely making a good-faith best-effort attempt to get this done: neither Amazon nor our lawyer has yet responded to my pings from last Friday (I re-pinged our lawyer tonight). As for Stephen, this week is busy enough at my day job that I was waiting until I got some traction on those points before scheduling something with him, so as not to waste his time. If all of these things drag on with quick way to resolve it, we might just be forced to click through the standard terms and conditions and deal with the consequent legal risks (or seek a subsequent amendment), in order not to block the buster cloud images release. The downsides of unresponsive pro bono SPI legal counsel... - Jimmy Kaplowitz presid...@spi-inc.org
Re: Status of Debian accounts and legal agreements with cloud providers
And, I'm watching as well, of course. --jrp On Fri, Mar 15, 2019 at 3:54 PM Martin Zobel-Helas wrote: > > Hi, > > > > > >> What's the status with Azure, and Google? > >> Is there something that needs to be done? > > > > For Azure, I think Zobel was planning to ping via Credativ to get the > > right person at MS in touch with me, but I guess Stephen Zarkos is on > > -cloud and could probably do the same. I'm happy to talk, including via > > audio/video call during the workday (schedule permitting). > > My contact would had been Stephen Zarkos, too. > > Best regards, > Martin >
Re: Status of Debian accounts and legal agreements with cloud providers
Hi, > >> What's the status with Azure, and Google? >> Is there something that needs to be done? > > For Azure, I think Zobel was planning to ping via Credativ to get the > right person at MS in touch with me, but I guess Stephen Zarkos is on > -cloud and could probably do the same. I'm happy to talk, including via > audio/video call during the workday (schedule permitting). My contact would had been Stephen Zarkos, too. Best regards, Martin
Re: Status of Debian accounts and legal agreements with cloud providers
On 3/15/19 2:43 PM, Chris Lamb wrote: > Hi Jimmy, > >> For Azure, I think Zobel was planning to ping via Credativ to get the >> right person at MS in touch with me > > Let me know if this stalls; I can put you in touch with someone on > the Azure team. I'm on the list as well, and I've pinged internally on this.
Re: Status of Debian accounts and legal agreements with cloud providers
Hi Jimmy, > For Azure, I think Zobel was planning to ping via Credativ to get the > right person at MS in touch with me Let me know if this stalls; I can put you in touch with someone on the Azure team. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org chris-lamb.co.uk `-
Re: Status of Debian accounts and legal agreements with cloud providers
Hi Tomasz, On Thu, Mar 14, 2019 at 08:48:29AM +0100, Tomasz Rybak wrote: > > > As Buster is now frozen (yeah!) - what's the status here? > > > Or, is there anything that we (either as Cloud Team, > > > or me, Steve, and Luca - i.e. Delegates) can help here with? > > > > I got the legalese to review just yesterday from Amazon following a > > video call that day - apparently they've changed the standard > > language > > and we may or may not need a change any longer, but if we do, it may > > be > > a harder sell to Amazon legal than before they changed the default. > > We > > can still try either way. > > OK. Today I've finished reading the wording from Amazon, and it still has theoretically concerning language in it, but honestly the wording now parallels the Azure language pretty directly. The reality of the situation is that Amazon and MS wouldn't want to hose SPI or Debian with legal bills beyond our ability to pay if they get sued about our image contents, but it'd certainly be better if the writing reflected that. I've asked Amazon what's possible, though I realize their lawyers may or may not cooperate. I've just emailed our lawyer to try to get some phone time with her next week about this and other urgent SPI issues. Luca would be able to talk to her too, with him also being on the SPI board, but he's even busier than I am these days. > What's the status with Azure, and Google? > Is there something that needs to be done? For Azure, I think Zobel was planning to ping via Credativ to get the right person at MS in touch with me, but I guess Stephen Zarkos is on -cloud and could probably do the same. I'm happy to talk, including via audio/video call during the workday (schedule permitting). As with Amazon, I can't predict what changes are practically speaking possible. No blockers for Google - SPI already has a Google account for both G Suite and GCP, and I'm not aware of any legalese being requested in connection with how we're publishing our images there (i.e. we haven't been asked to agree to the GCP Marketplace terms). Any changes desired there would be a separate conversation. - Jimmy Kaplowitz presid...@spi-inc.org
Re: Status of Debian accounts and legal agreements with cloud providers
On Tue, 2019-03-12 at 17:29 -0400, Jimmy Kaplowitz wrote: > Hi, > > On Tue, Mar 12, 2019 at 10:18:24PM +0100, Tomasz Rybak wrote: > > Hello. > > > > On Sun, 2019-02-17 at 20:34 -0500, Jimmy Kaplowitz wrote: > > [ cut ] > > > > What do you mean with "end of the buster cycle"? > > > > > > Ouch, I see how my poor choice of words there may be concerning. > > > :D I > > > just meant between now and buster's final freeze or release. I > > > did > > > not > > > mean to leave this problem unsolved until we're ready for > > > bullseye. > > > :-) > > > > As Buster is now frozen (yeah!) - what's the status here? > > Or, is there anything that we (either as Cloud Team, > > or me, Steve, and Luca - i.e. Delegates) can help here with? > > I got the legalese to review just yesterday from Amazon following a > video call that day - apparently they've changed the standard > language > and we may or may not need a change any longer, but if we do, it may > be > a harder sell to Amazon legal than before they changed the default. > We > can still try either way. OK. What's the status with Azure, and Google? Is there something that needs to be done? -- Tomasz Rybak, Debian Developer GPG: A565 CE64 F866 A258 4DDC F9C7 ECB7 3E37 E887 AA8C signature.asc Description: This is a digitally signed message part
Re: Status of Debian accounts and legal agreements with cloud providers
Hi, On Tue, Mar 12, 2019 at 10:18:24PM +0100, Tomasz Rybak wrote: > Hello. > > On Sun, 2019-02-17 at 20:34 -0500, Jimmy Kaplowitz wrote: > [ cut ] > > > What do you mean with "end of the buster cycle"? > > > > Ouch, I see how my poor choice of words there may be concerning. :D I > > just meant between now and buster's final freeze or release. I did > > not > > mean to leave this problem unsolved until we're ready for bullseye. > > :-) > > As Buster is now frozen (yeah!) - what's the status here? > Or, is there anything that we (either as Cloud Team, > or me, Steve, and Luca - i.e. Delegates) can help here with? I got the legalese to review just yesterday from Amazon following a video call that day - apparently they've changed the standard language and we may or may not need a change any longer, but if we do, it may be a harder sell to Amazon legal than before they changed the default. We can still try either way. - Jimmy Kaplowitz presid...@spi-inc.org
Re: Status of Debian accounts and legal agreements with cloud providers
Hello. On Sun, 2019-02-17 at 20:34 -0500, Jimmy Kaplowitz wrote: [ cut ] > > What do you mean with "end of the buster cycle"? > > Ouch, I see how my poor choice of words there may be concerning. :D I > just meant between now and buster's final freeze or release. I did > not > mean to leave this problem unsolved until we're ready for bullseye. > :-) As Buster is now frozen (yeah!) - what's the status here? Or, is there anything that we (either as Cloud Team, or me, Steve, and Luca - i.e. Delegates) can help here with? Best regards. -- Tomasz Rybak, Debian Developer GPG: A565 CE64 F866 A258 4DDC F9C7 ECB7 3E37 E887 AA8C signature.asc Description: This is a digitally signed message part
Re: Status of Debian accounts and legal agreements with cloud providers
Hi Bastian, On Fri, Feb 15, 2019 at 03:23:15PM +0100, Bastian Blank wrote: > On Sun, Feb 03, 2019 at 11:11:52PM -0500, Jimmy Kaplowitz wrote: > > The attorney advice was specifically targeted at reviewing the terms of > > service and getting some indemnification for some of the provisions of > > the marketplace agreements, if I remember right. > > I've just synced on IRC with the person who recommended this approach, > > and I'll be getting the necessary context from them in a call this week. > > Did you receive this information? Yes, and happily it's easier than I thought. In the case of the AWS Marketplace, the goal is simply to remove an indemnification provision that is there by default, not to draft anything new. The default provision is understandable for the typical commercial proprietary AWS Marketplace offering, but is badly matched to our very atypical situation in ways that even Amazon probably doesn't intend. So for this case, no lawyer needed on our end unless Amazon is uncooperative. From initial consultations with David, it seems he knows how to proceed and is working on getting me in touch with the right person at Amazon. I'll keep prodding that forward. Do you or Stephen know if the default legalese for Azure's accounts & image publication/discovery services would require SPI to indemnify Microsoft, or does the problem not apply there? If useful I can discuss privately with Stephen, even via conference call during the workweek. As for Google, any question of what changes might be warranted to SPI's agreements with Google are not timeline blockers for this image account transition/publication effort, since SPI already has agreed to the G Suite for Nonprofits and GCP legalese. I'm also not aware of any specific changes of this type to request there. > > (3) do whatever > > we can do between now and end of the buster cycle. > > What do you mean with "end of the buster cycle"? Ouch, I see how my poor choice of words there may be concerning. :D I just meant between now and buster's final freeze or release. I did not mean to leave this problem unsolved until we're ready for bullseye. :-) - Jimmy Kaplowitz presid...@spi-inc.org
Re: Status of Debian accounts and legal agreements with cloud providers
Hi Jimma On Mon, Feb 04, 2019 at 11:06:11AM +0100, Bastian Blank wrote: > It's unclear right now what addresses can be changed. It is possible to > change the root account e-mail address on AWS. But David said at the > sprint that there is something else that ties our old account to jeb, > and that's the reason why we need to create new ones instead of > re-assigning the old account. I'll ask him. I talked to David. The information he was talking about is the initial account creator's information. Of this the most important things are e-mail address and name. Customer service might refer back to this person. Regards, Bastian -- Women professionals do tend to over-compensate. -- Dr. Elizabeth Dehaver, "Where No Man Has Gone Before", stardate 1312.9.
Re: Status of Debian accounts and legal agreements with cloud providers
On 2019-02-04 11:06:11, Bastian Blank wrote: > Hi Jimmy > > For an account that is only used by Debian and not other SPI > > projects, a @debian.org address would be okay too, but SPI people would > > need to be on it as well. > > > > Either way, SPI needs to (non-exclusively) receive all emails about legal, > > contractual, and billing/payment topics. > > Sure. Let's wait what David says, because depending on it we might need > to create it with @debian.org in the first place. I think creating all contact points in debian.org domain and then add mail redirect or alias this email address as mailing list would make most sense. So it stays under direct Debian control but we can add/remove/modify where it really points to. -- |_|0|_| | |_|_|0| "Panta rei" | |0|0|0| kuLa | gpg --keyserver pgp.mit.edu --recv-keys 0x686930DD58C338B3 3DF1 A4DF C732 4688 38BC F121 6869 30DD 58C3 38B3 signature.asc Description: PGP signature
Re: Status of Debian accounts and legal agreements with cloud providers
Hi Jimmy On Sun, Feb 03, 2019 at 11:11:52PM -0500, Jimmy Kaplowitz wrote: > > The technical todo list AFAIK is: > > - Create an owner e-mail alias somewhere in spi-inc.org or debian.org, > > which can be used as account owner for multiple AWS accounts and > > Azure (so the alias needs to support address extension somehow). > > Can the owner email alias be changed later in unlikely hypothetical situations > like where Debian stops working with SPI? If yes, I think it should be > under @spi-inc.org since certain notices tied to the contractual > relationship would likely get sent there. It's unclear right now what addresses can be changed. It is possible to change the root account e-mail address on AWS. But David said at the sprint that there is something else that ties our old account to jeb, and that's the reason why we need to create new ones instead of re-assigning the old account. I'll ask him. > For an account that is only used by Debian and not other SPI > projects, a @debian.org address would be okay too, but SPI people would > need to be on it as well. > > Either way, SPI needs to (non-exclusively) receive all emails about legal, > contractual, and billing/payment topics. Sure. Let's wait what David says, because depending on it we might need to create it with @debian.org in the first place. > > This step needs a billing method assigned temporariliy. After that > > David can somehow move the projects into the Amazon OEM organization. > > If it's a brief temporary need with no charges expected, we can probably > use the SPI debit card. We should still get lamby to confirm as DPL that > any charges during the temporary period can be paid from Debian's funds, > but this should be no more of a problem than it was for the Debian Salsa > arrangement on GCP. Yes, that was my idea as well. > > - Create debian.org (or SPI with debian.org[1]) Azure Active Directory for > > authentication. > Hm. I don't know Azure AD enough to have an opinion right now about > which way this should happen. My ideal is that SPI would retain ultimate > control of the root of the hierarchy, that DSA would share control of > the Debian portion, and that Debian and SPI each have a way to > separately sync account/group info from (e.g.) Debian LDAP and from > anything SPI chooses to use. There is no hierarchy, so we need to create a Debian AAD and invite SPI as admins. Regards, Bastian -- A little suffering is good for the soul. -- Kirk, "The Corbomite Maneuver", stardate 1514.0
Re: Status of Debian accounts and legal agreements with cloud providers
Hi Bastian, On Sat, Feb 02, 2019 at 12:29:14PM +0100, Bastian Blank wrote: > On Thu, Jan 31, 2019 at 04:30:25PM -0500, Jimmy Kaplowitz wrote: > > One slightly good thing is that the transition freeze is less of an > > important deadline for this legal task than the later freeze deadlines, > > so we can still get this done in time for buster if someone has the > > necessary time. > > It was just the deadline we set to ourselves to have enough time for the > actual transition. OK. > > If nobody has more time to pursue this than I currently do, I will do my > > best to initiate the necessary conversations by the end of next week and > > pursue them as required. If someone does have spare time to pursue this > > (with a CC to me as SPI President), that'd be great. > > I think the largest problem is to define what exactly needs to be done. > You wanted to get input from an attorney on the agreements. And that > sounded like a long process. If it's just the technical doing, then > it's rather easy. The attorney advice was specifically targeted at reviewing the terms of service and getting some indemnification for some of the provisions of the marketplace agreements, if I remember right. I've just synced on IRC with the person who recommended this approach, and I'll be getting the necessary context from them in a call this week. My guess is it wouldn't be horrible for us to sign up with the standard terms, but these things do get negotiated for cases like us where the terms don't have quite the intended effect. They're more written to target commercial proprietary software than our case. My plan: (1) get context about what the recommendation was, so that I can present it correctly to our lawyer; (2) get our lawyer to advise based on the standard terms and the context from step 1; (3) do whatever we can do between now and end of the buster cycle. > The technical todo list AFAIK is: > - Create an owner e-mail alias somewhere in spi-inc.org or debian.org, > which can be used as account owner for multiple AWS accounts and > Azure (so the alias needs to support address extension somehow). Can the owner email alias be changed later in unlikely hypothetical situations like where Debian stops working with SPI? If yes, I think it should be under @spi-inc.org since certain notices tied to the contractual relationship would likely get sent there. For an account that is only used by Debian and not other SPI projects, a @debian.org address would be okay too, but SPI people would need to be on it as well. Either way, SPI needs to (non-exclusively) receive all emails about legal, contractual, and billing/payment topics. My tentative thought is that you should get a @debian.org created for the Debian humans/lists that need to receive cloud provider account notices, and that I'll then get that alias plus some SPI people added to an new @spi-inc.org for use as the owner email address. Does that work? > - Create AWS accounts and accept > - https://aws.amazon.com/agreement/ > - https://aws.amazon.com/service-terms/ This will happen as soon as we figure out the indemnification / attorney advice, but I'm going to proceed on those prerequisites and look forward to creating the accounts. > This step needs a billing method assigned temporariliy. After that > David can somehow move the projects into the Amazon OEM organization. If it's a brief temporary need with no charges expected, we can probably use the SPI debit card. We should still get lamby to confirm as DPL that any charges during the temporary period can be paid from Debian's funds, but this should be no more of a problem than it was for the Debian Salsa arrangement on GCP. > - Create debian.org (or SPI with debian.org[1]) Azure Active Directory for > authentication. Hm. I don't know Azure AD enough to have an opinion right now about which way this should happen. My ideal is that SPI would retain ultimate control of the root of the hierarchy, that DSA would share control of the Debian portion, and that Debian and SPI each have a way to separately sync account/group info from (e.g.) Debian LDAP and from anything SPI chooses to use. I see your note here: > [1]: If the AAD is debian or spi+debian+others depends on how we want to > automatically manage users in the future. Permissions for user > management are global, so an automatic process can't be restricted to > debian.org. How would this line up with my preferences above? I realize not everything always is possible or easy. - Jimmy Kaplowitz presid...@spi-inc.org
Re: Status of Debian accounts and legal agreements with cloud providers
Hi Jimmy On Thu, Jan 31, 2019 at 04:30:25PM -0500, Jimmy Kaplowitz wrote: > One slightly good thing is that the transition freeze is less of an > important deadline for this legal task than the later freeze deadlines, > so we can still get this done in time for buster if someone has the > necessary time. It was just the deadline we set to ourselves to have enough time for the actual transition. > If nobody has more time to pursue this than I currently do, I will do my > best to initiate the necessary conversations by the end of next week and > pursue them as required. If someone does have spare time to pursue this > (with a CC to me as SPI President), that'd be great. I think the largest problem is to define what exactly needs to be done. You wanted to get input from an attorney on the agreements. And that sounded like a long process. If it's just the technical doing, then it's rather easy. The technical todo list AFAIK is: - Create an owner e-mail alias somewhere in spi-inc.org or debian.org, which can be used as account owner for multiple AWS accounts and Azure (so the alias needs to support address extension somehow). - Create AWS accounts and accept - https://aws.amazon.com/agreement/ - https://aws.amazon.com/service-terms/ This step needs a billing method assigned temporariliy. After that David can somehow move the projects into the Amazon OEM organization. - Create debian.org (or SPI with debian.org[1]) Azure Active Directory for authentication. - Create Azure subscription with information sent to the owner e-mail. (At least it worked this way when we (credativ) did this setup.) Steve from Microsoft contacted zobel and me about the Debian publishing subscription. He wanted to know the owner e-mail address. Thank you for your work. Regards, Bastian [1]: If the AAD is debian or spi+debian+others depends on how we want to automatically manage users in the future. Permissions for user management are global, so an automatic process can't be restricted to debian.org. -- No more blah, blah, blah! -- Kirk, "Miri", stardate 2713.6
Re: Status of Debian accounts and legal agreements with cloud providers
Hi Bastian, Thanks for the ping. Unfortunately both my availability and Luca's have been severely impacted by other areas of our lives, and we're still in the same place on this item as during the sprint. (Though in Luca's defence, this particular commitment was mine; he had different ones, for which I don't know the status.) Sorry for failing to speak up sooner. One slightly good thing is that the transition freeze is less of an important deadline for this legal task than the later freeze deadlines, so we can still get this done in time for buster if someone has the necessary time. The major drain on my personal productivity (persistent weekday morning construction noise in my apartment building) has finally been officially projected to end some time during February, which is unfortunately a vague and unhelpful timing for this purpose. I've gotten busier at work since the sprint - for example, I do now have a full-time job - but my availability should still increase once that issue resolves. If nobody has more time to pursue this than I currently do, I will do my best to initiate the necessary conversations by the end of next week and pursue them as required. If someone does have spare time to pursue this (with a CC to me as SPI President), that'd be great. - Jimmy Kaplowitz presid...@spi-inc.org On Wed, Jan 30, 2019 at 08:05:32PM +0100, Bastian Blank wrote: > Hi Jimmy, Hi Luca > > During out spring last october you agreed on handling accounts and legal > agreements with cloud providers for Debian in your position as > representatives of SPI. As cloud team we agreed that we would like to > provide Buster already within those new agreements. > > In the time since the sprint no information about the current state or a > timeline for those agreements where posted ever. Also my contact at > Microsoft reported at least in december that no additional communication > happened. > > Now we are past our initial deadline of transition freeze two weeks ago. > What did happen on this matter? How do we want to go forward? > > Regards, > Bastian > > [Cc leader@ as this affects legal agreements of Debian with outsiders] > -- > Landru! Guide us! > -- A Beta 3-oid, "The Return of the Archons", stardate 3157.4
Status of Debian accounts and legal agreements with cloud providers
Hi Jimmy, Hi Luca During out spring last october you agreed on handling accounts and legal agreements with cloud providers for Debian in your position as representatives of SPI. As cloud team we agreed that we would like to provide Buster already within those new agreements. In the time since the sprint no information about the current state or a timeline for those agreements where posted ever. Also my contact at Microsoft reported at least in december that no additional communication happened. Now we are past our initial deadline of transition freeze two weeks ago. What did happen on this matter? How do we want to go forward? Regards, Bastian [Cc leader@ as this affects legal agreements of Debian with outsiders] -- Landru! Guide us! -- A Beta 3-oid, "The Return of the Archons", stardate 3157.4