Request for Adding Ubuntu Kylin Archive

Anthony Wong anthony.wong at canonical.com
Thu Apr 3 04:10:37 UTC 2014 

On 3 April 2014 04:07, Stéphane Graber <stgraber at ubuntu.com> wrote:

> On Tue, Apr 01, 2014 at 11:42:34PM +0800, jackyu at ubuntukylin.com wrote:
> > Hi Technical Board,
> >
> > I'm writing to request to add an archive for Ubuntu Kylin flavor. This
> archive mainly includes Chinese commercial packages co-developed by Ubuntu
> Kylin team and commercial companies. We also developed a software center
> client that supports both Ubuntu archive and Ubuntu Kylin archive.
> >
> >
> > This request have already been supported by Jason, Leonard, Anthony,
> etc. from Canonical team. We know that in the rules of Ubuntu, flavors are
> not allowed to add archives. However, Ubuntu Kylin is a little special
> since it mainly focuses on  Chinese users.  Our partners (Such as Sogou,
> King soft) want to locate their apps in China.
> >
> >
> > Do you have any comments on this? Thanks in advance.
>
> Hi,
>
> My personal opinion on the matter is that it's too late to do that kind
> of stuff for 14.04, we are just a couple of weeks away from release so I
> don't think it's the right time to discuss potentially major changes to
> our policy with regard to what a flavour may use as its repositories.
>
> I can see why that kind of feature would be benefitial to you and for
> your users, however I'd need a whole lot more documentation on exactly
> how that'd work before I even consider this.
>
> One of my main concern is about how those packages would be built,
> where, who would sign them, how would the signing keys be handled, ...
>
> So far all the official archives of the Ubuntu project are basically
> handled in the same way, things build on Launchpad using the official
> build infrastructure and build chroots, the result is then either
> directly published to a signed archive (primary and partner archives) or
> published in a PPA and then mirrored and signed (extra and cloud
> archive). In all cases, we have a direct trust path between the archive
> master key and those sub-archive keys, the main private keys are sharded
> and we have a clear processus as to what to do in the event a key is
> compromised.
>
> As any such archive is technically able to push any package to any
> machine that has it enabled, it's critical that the security side of
> things is well thought through and documented ahead of times


Hi,

Will it be easier to leverage the existing Launchpad infrastructure for
package building and only publish the packages to Ubuntu Kylin archive?

I don't know if this is feasible, but just try to think of the possible
ways so we can achieve that by 14.04.

Thanks,
Anthony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/technical-board/attachments/20140403/ab315c83/attachment.html>

More information about the technical-board mailing list