Re: Official cloud image requirements
Le 06/06/2020 à 17:14, Noah Meyerhans a écrit :
> On Sat, Jun 06, 2020 at 08:28:30PM +0900, Charles Plessy wrote:
>>> AFAIK there is general consensus amongst us that we want the cloud
>>> images to be built on the Debian infrastructure, not on the cloud
>>> provider infrastructure.
>>
>> just for the record, here is what you added:
>>
>> * '''E. all cloud-related images have to be built on Debian
>> infrastructure''' (for instance Salsa, Casulana, Patterson machines).
>> This is to avoid risks that some cloud providers might injects their
>> code.
>
> I'm not a fan of that language. It puts us well into the tinfoil-hat
> realm, and ignores the reality of cloud adoption across a wide variety
> of industries, many of which have very significant security
> requirements.
I agree that he arguments you provided on the *why* we want to have
images build on Debian Infrastucture (Security against side channels
attack, Neutrality, Infrastucture Management ) makes more sense than the
last sentence (the 'This is to avoid risks ...' part), so I am
absolutely OK to remove that part.
Let's see if there are others opinion in this thread, and if the topic
is settled, we can remove the sentence from the Debian Wiki.
Emmanuel
--
You know an upstream is nice when they even accept m68k patches.
- John Paul Adrian Glaubitz, Debian OpenJDK maintainer
Reply to: