Re: Debian images on Oracle Compute Cloud Service

To: Tiago Ilieve <tiago.myhro@gmail.com>
Cc: debian-cd@lists.debian.org, debian-cloud <debian-cloud@lists.debian.org>, Ben Hutchings <ben@decadent.org.uk>
Subject: Re: Debian images on Oracle Compute Cloud Service
From: Charles Plessy <plessy@debian.org>
Date: Sat, 30 Jan 2016 16:11:11 +0900
Message-id: <[🔎] 20160130071111.GD32701@falafel.plessy.net>
In-reply-to: <[🔎] CALdTKe-VK-ir+ondAOrdG=Y=2L9OD_6aXBrAdh9qhgUQOqHk+Q@mail.gmail.com>
References: <[🔎] CALdTKe-VK-ir+ondAOrdG=Y=2L9OD_6aXBrAdh9qhgUQOqHk+Q@mail.gmail.com>

Hi Tiago,

thanks for your efforts of summarising the current state of the art on what an
"official" image is.

As far as I remember, first there were people building Debian images on the EC2
and listing them on the Debian wiki.  This was mostly on a "best effort" basis,
and we were all a bit envious of the Ubuntu world where Eric Hammond was making
a fantastic work of releasing Ubuntu images on his alestic.com website.

Eventually Debian became present on the EC2 in a similar systematic way.  I
hope I will not upset people by citing too few names, but instrumental to this
were the work of Anders Ingemann for creating bootstrap-vz, and James
Bromberger for producing and dispatching the images.  Debian's presence on this
platform was supported by Amazon, which donated credits etc.

If you wonder why I am talking about history, it is because the point I want
to make is that the question of "what is official" was less burning at that time.

There had been mostly one discussion at the time where Stefano was DPL, and the
outcome was to minimise the differences beween the systems produced by Debian
Installer, our gold standard, and the images distributed on cloud platforms.
As you can see from the discussion on enabling backports or not, this is a big
challenge.  From my optimistic point of view, I woud say that it is hard
because the differences are really few and never gratuitous. 

Then came Debian on the Google cloud, with the support of Google.  Sorry for
not citing names, I was much less involved and already less active.  Again,
there was less nervousness than recently, regarding the questions "are these
images official ?".  Probably one of the reasons is that, on each platform,
Google and EC2, there is no alternative set of pre-built images that would
claim "if you want Debian images made by Debian, use this".

Things became a bit more complicated when images for OpenStack started to be
prodcued, because there is not central "OpenStack" cloud provider.  Thus one
can not tell people "go to OpenStack and run image number asdf1232".  Then,
instead of installing images Debian has to distribute images.  I feel that it
opens the questions of why these images are not used on Google and EC2, and on
my side I am satisfied by an answer such as "because it is not as easy as it
looks like; if it were the best solution we would be doing it already".

Involvement of Debian's intellectual property - our trademarked name - came at
the time of the preparation of Azure images.  Since I am much less active than
the previous years, I lost track on how this happened.  Or maybe a consensus
emerged at Debconf and it was considered enough (as opposed of having a
consensus on the mailing lists).  But it appears that the final say on deciding
if a Debian image on a cloud platform is endorsed by Debian or not ends up in
the hands of the trademark team, because they get to decide who can call
something "Debian" or not.  While I am happy with my interaction with the
trademarks team, I feel this disturbing.  I hope that this will stay a last
resort process to be used only in case there is no consensus possible on issues
such as "is it possible to use a custom kernel", etc, or to defend us from
rogue image providers.

So here is my personnal opinion: go ahead like it was done at the time the EC2
and Google images were done.  Keep people posted here, make them excited, build
a community, get feedback, etc.  Just because things can be better later does
not mean that they are not good enough now.

Lastly, If you are getting payed that is great.  I think that the goal of the
Debian Machine Usage Policies is to prevent unrelated use of our resources.  I
can not make scientific computations on the Debian infrastructures with the
sole goal of reducing the electricity bill of my research center, for instance.
But I do not see why, for performing tasks related to the development of
Debian, one could not use our machines while being payed.

So to cut a long story short, I recommend you to document somewhere the
difference between the Oracle image and systems prepared by the Debian
Installer, and to describe concisely the chain of trust, not only of people but
also of hardware, that should convince readers that the images are as pure
Debian as possible, and that the possibilty that malwares are introduced
together with the necesary changes are minimal.  In my opinion, if there is no
competition or challenge within the Oracle cloud about which images should be
used by default when somebody wants Debian, then by all means they are
official.

Have a nice day.

Charles

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan

Reply to:

Follow-Ups:
- Re: Debian images on Oracle Compute Cloud Service
  - From: Tiago Ilieve <tiago.myhro@gmail.com>

References:
- Debian images on Oracle Compute Cloud Service
  - From: Tiago Ilieve <tiago.myhro@gmail.com>

Prev by Date: Re: Debian images on Oracle Compute Cloud Service
Next by Date: Re: Debian Jessie growpart issue
Previous by thread: Re: Debian images on Oracle Compute Cloud Service
Next by thread: Re: Debian images on Oracle Compute Cloud Service
Index(es):
- Date
- Thread