On 10/27/20 1:33 PM, Ross Vandegrift wrote:
Okay, I'm getting confused here. These restrictions don't seem to match with the previous message, so I'm assuming I misunderstood something. I think this may hinge around what is meant by "official" images.On Tue, Oct 27, 2020 at 12:00:54PM -0700, Paul Graydon wrote:Okay, that sounds like a reasonable route forwards here. Are there any restrictions around what we can/cannot do, while retaining the Debian branding, as it were? For example, with the CentOS images (that we build and publish), there are some tight restrictions around what we install in the images. The main obvious thing there that I'd imagine applies with Debian too, is no installation of packages of a different version for that that is packaged and shipped by them in their repository (so no replacing the kernel, systemd, etc. etc.), at least not while still referring to it as "CentOS".We've mentioned the first restriction: only components from Debian main can be included. It's not just that you can't replace packaged software, it's that all software must be packaged. The second is that official images must be built on Debian-owned hardware by the cloud team. As long as the tools get extended with OCI support, our pipeline takes care of this. Third (I think last?) - images must be distributed from an account that Software in the Public Interest (spi-inc.org) owns and operates on behalf of Debian. Debian's legal existence is unclear, so we need a trusted entity to negotiate and accept agreements for operating on OCI. This can be a challenging process - I wouldn't wait on it to start technical work, if you decide to pursue an official image. Ross
There are some distributions that don't want us to build and publish images with their name and/or branding on them. They want to build and provide official images to us themselves. Others, like CentOS, prefer we build and publish on our platform while retaining their branding and naming, provided we meet their baseline requirements as I've mentioned before. They also build and host their own images outside of our platform, https://cloud.centos.org/centos/, and publish what they describe as "official images" to AWS and Docker.
When you say "Official" are you meaning similar perspective to CentOS? We could build and distribute Debian images ourselves, but Official ones would be ones that you publish?
The reason I ask this is because Noah's message seems almost at odds with the restrictions you provided above:
> If you want to build derivitive images that are based on our > configuration and associated tooling but have additional software > installed, you are free to use our tooling and configuration as a > starting point. This is, for example, how Google builds the images for > GCE. This allows them to add their own additional apt repositories and > software that is distributed outside the Debian archive.It reads like Google is building images based off your tooling, adding their own repositories and packages from them. Your first restriction would suggest that they shouldn't be installing their own software, and the second that images can only be made in your infrastructure. I guess the third restriction ties in to that too, because if Google is building and adding the packages, presumably it's not via an account that spi-inc controls?
Just to be clear, I haven't seen anything so far by way of restrictions that I would see being a blocker. There are a few different ways to having Debian on our platform, and I'm trying to make sure we find a route that best fits everyone's requirements.
Paul