-----BEGIN PGP SIGNED MESSAGE-----
On 8/11/2012 9:54 PM, Stefano Zacchiroli wrote:
> On Thu, Nov 08, 2012 at 02:40:38PM +0100, Marco d'Itri wrote:
>> On Nov 08, Thomas Goirand <email@example.com> wrote:
>>> These AMI images should be released through the official Debian mirrors,
>>> or at least from a page on Alioth, not only from Amazon itself.
>> I understand that AMIs are on S3, are these buckets publically
>> As long as they are accessible to non-Amazon customers too, I see no
>> reason to distribute the images on our infrastructure too.
> Ah, good point! Not sure about accessibility to the public, though. IIRC
> they expect someone to pay for the bandwidth there? I guess others more
> knowledgeable than me on these matters could comment on that...
These are AMIs are stored as snapshots on Amazon S3. We can set the snapshot as 'public' to be viewable by anyone else with an account on AWS (this is separate form making the AMI public as a ready-to-launch image). However, we could make a EBS volume from the snapshot, and then 'dd' the image of the volume, compress up the image, and push that onto a public bucket where the world could download it. Right now, each Region's image is every so slightly different - they reference separate mirrors in /etc/apt/sources.list.
So, perhaps to keep this as low touch as possible:
* AMIs are marked as public - accessible to any AWS account
* The snapshots that create the AMIs are marked as public (so shareable within AWS, without starting the image)
* In one region, we do the snapshot->EBS->dd->gzip->S3 and thereby make it publicly downloadable. This can live in the AWS account, just as the AMIs do.
> Still, I think we should provide some trust path for people interested
> in retrieving the images. E.g. publishing image checksums signed by our
> archive key. And on that front too, we'll need to discuss with the
> archive admins what's the most appropriate work-flow.
We (Debian) can generate a digest of the snapshot (via the EBS volume we make from the snapshot), sign and publish this.
/Mobile:/ +61 422 166 708, /Email:/ james_AT_rcpt.to
PLUG President 2012: http://www.plug.org.au <http//www.plug.org.au>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
-----END PGP SIGNATURE-----