Re: Debian images on Microsoft Azure cloud
On 11/21/2015 04:17 PM, Marcin Kulisz wrote:
> On 2015-11-15 18:50:45, Wouter Verhelst wrote:
>> On Thu, Nov 12, 2015 at 09:04:29PM +0100, Thomas Goirand wrote:
>>> On 11/12/2015 04:52 PM, kuLa wrote:
>>>> On 2015-11-12 15:58:03, Thomas Goirand wrote:
>>>>> As per the discussions during debconf, to be called "official", the
>>>>> images have to be built:
>>>>> - directly from an unmodified stable
>>>>> - with reproducibility on any Debian computer (ie: no need for any
>>>>> external infrastructure access)
>>>> I don't think we reached any consensus in relation to the last point but I'm
>>>> not going to argue about it right now.
>>> There's IMO no consensus to have, unless we change the root of Debian
>>> (ie: the DFSG, and the fact that we do free software, and can build it
>>> in Debian). The need for an external infrastructure would make the
>>> images non-free. SaaS on a proprietary platform is as non-free as one
>>> can get. I don't anyone would say otherwise, would you?
>> Personally, I disagree with the statement that "the need for external
>> infrastructure would make the images non-free".
> Is software we're rebuilding to include in Debian less free because we're not
> using upstream provided binaries? No it's not, so as long as images can be
> build wherever you want and code with tools to do so is dfsg and available it
> is a free software and through this extension images.
I think we agree here. The point is, we should be able to build the
image on *any Debian machine*, but only *if we want to*. Building it on
the cloud provider is often convenient, and I have no problem with that.
> I'm not sure if it's possible to upload image and to build one to make them bit
> for bit identical for reasons like ex. timestamps on files, etc.
I'm sure it's not. Until the reproducible build team has a deep look
into debootstrap (and I know they are planning to do so at some
point...), it wont be possible.
On 11/23/2015 02:04 AM, Charles Plessy wrote:
> * When releasing an image, a list of all the packages installed and
> a list of checksums of all the files must be provided.
That's a nice idea, but not very useful. I very much prefer what Steve
has produce: a tarball with all source packages , which makes it a
way more DFSG style. Each individual md5sum of each files in anyway
stored in /var/lib/dpkg/info/*.md5sums within the image.
Thomas Goirand (zigo)