On 2015-11-15 18:50:45, Wouter Verhelst wrote: > On Thu, Nov 12, 2015 at 09:04:29PM +0100, Thomas Goirand wrote: > > On 11/12/2015 04:52 PM, kuLa wrote: > > > On 2015-11-12 15:58:03, Thomas Goirand wrote: > > >> As per the discussions during debconf, to be called "official", the > > >> images have to be built: > > >> - directly from an unmodified stable > > >> - with reproducibility on any Debian computer (ie: no need for any > > >> external infrastructure access) > > > > > > I don't think we reached any consensus in relation to the last point but I'm > > > not going to argue about it right now. > > > > There's IMO no consensus to have, unless we change the root of Debian > > (ie: the DFSG, and the fact that we do free software, and can build it > > in Debian). The need for an external infrastructure would make the > > images non-free. SaaS on a proprietary platform is as non-free as one > > can get. I don't anyone would say otherwise, would you? > > Personally, I disagree with the statement that "the need for external > infrastructure would make the images non-free". +1 Is software we're rebuilding to include in Debian less free because we're not using upstream provided binaries? No it's not, so as long as images can be build wherever you want and code with tools to do so is dfsg and available it is a free software and through this extension images. > If a cloud platform does not make it possible to *import* images from an > external source, then that requires that the image be built on their > infrastructure, even if it would otherwise be possible to build the same > image outside of their infrastructure. I wouldn't call that non-free, in > very much the same way that building the image on a machine which > requires non-free firmware to boot (such as a BIOS) would result in a > non-free image. That's another example. > I believe a more sensible requirement would be that "it is theoretically > possible to build a filesystem image on a cloud provider's > infrastructure that is bit-for-bit the exact same thing as one built > outside that infrastructure". I'm not sure if it's possible to upload image and to build one to make them bit for bit identical for reasons like ex. timestamps on files, etc.. I think that at least some providers are adding some metadate which would change any checksums produced before upload. -- |_|0|_| | |_|_|0| "Heghlu'Meh QaQ jajVam" | |0|0|0| -------- kuLa --------- | gpg --keyserver pgp.mit.edu --recv-keys 0x58C338B3 3DF1 A4DF C732 4688 38BC F121 6869 30DD 58C3 38B3
Attachment:
signature.asc
Description: PGP signature