On Thu, Nov 08, 2012 at 11:18:41PM +0800, James Bromberger wrote: > However, we could make a EBS volume from the snapshot, and then 'dd' > the image of the volume, compress up the image, and push that onto a > public bucket where the world could download it. That would be a nice alternative to piggyback it onto the mirror network. Would there be no bandwidth/traffic limits on how many people, outside AWS, download them? Still, I wonder, how reusable would be the AMI outside AWS context? I know that at still Eucalyptus uses the same format, but I'm not sure about the other infrastructures. > Region's image is every so slightly different - they reference > separate mirrors in /etc/apt/sources.list. Any reason not to use something like http.debian.net or the GeoIP redirector? Maybe that wouldn't work within AWS? No matter the matter of distributing the AMIs themselves, that sounds like a useful simplification in the preparation/upload process, no? > > Still, I think we should provide some trust path for people > > interested in retrieving the images. E.g. publishing image checksums > > signed by our archive key. And on that front too, we'll need to > > discuss with the archive admins what's the most appropriate > > work-flow. > > We (Debian) can generate a digest of the snapshot (via the EBS volume > we make from the snapshot), sign and publish this. ACK. Although we'll still need to investigate with the archive people how to actually do the signing (e.g. would anyone need to get extra access to the signing keys? would they do that? etc.). Any takers? Cheers. -- Stefano Zacchiroli . . . . . . . zack@upsilon.cc . . . . o . . . o . o Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o Debian Project Leader . . . . . . @zack on identi.ca . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club »
Attachment:
signature.asc
Description: Digital signature