Re: Debian images on Microsoft Azure cloud
On 11/12/2015 07:58 PM, Bastian Blank wrote:
> On Thu, Nov 12, 2015 at 03:58:03PM +0100, Thomas Goirand wrote:
>> As per the discussions during debconf, to be called "official",
>
> And the rules for "unofficial" would be? At least I can't remember
> anything about wanting to use the label "official", only the name and
> logo.
>
>> As per the discussions during debconf, to be called "official", the
>> images have to be built:
>> - directly from an unmodified stable
>
> So the OpenStack images fail, as the script modifies and removes files.
Rephrasing:
- directly from an unmodified stable *packages*
>> Best would also be if the images could be built together with the rest
>> of the debian-cd infrastructure.
>
> Debian (including debian-cd) infrastructure can't be used for payed
> work.
This is a dangerous discussion to have. I am truly happy for you to do
some paid work with Microsoft here, especially if it is for pushing for
more of Debian in the cloud. But a the same time, I hardly see how this
could drive the decisions of how we are building the images. I'd very
much prefer if Microsoft understood that your work on the images are
best done within the Debian infrastructure, and agreed to pay for that.
> Also none of the built stuff is updated regulary with security
> fixes.
If you think we should do more regular updates of the cloud images (ie:
more often than the point releases), then we can discuss this with
Steve. The shellshock and heartbleed holes for examples, were very valid
cases were an update of these images would have been desirable.
It would be a very good idea to trigger builds if there's a DSA on a
package included in the image. I don't think it'd be too hard to implement.
Steve, your thoughts on this specific problem?
Cheers,
Thomas Goirand (zigo)
Reply to: