Request for Adding Ubuntu Kylin Archive

Stéphane Graber stgraber at ubuntu.com
Tue Apr 8 00:54:09 UTC 2014 

On Mon, Apr 07, 2014 at 05:40:00PM -0700, Steve Langasek wrote:
> On Fri, Apr 04, 2014 at 05:34:38PM -0400, Stéphane Graber wrote:
> > > > I think building the software in a private PPA, and then mirroring the
> > > > signed PPA onto NUDT's infrastructure would be a reasonable way of
> > > > achieving all the requirements.
> 
> > > > Would that be an acceptable solution?
> 
> > > It sounds like it meets Ubuntu Kylin's needs, but I would be wary of us
> > > trying to dictate the technical details at this level.  We might find that
> > > this is the best technical implementation, or we might find that something
> > > closer to partner, where packages are uploaded to a central archive queue
> > > and managed using the Ubuntu archive tooling, makes more sense.
> 
> > I think we can at least set the following high level requirements:
> 
> The Ubuntu Kylin team has captured this now in a wiki page:
> 
>   https://wiki.ubuntu.com/Ubuntu%20Kylin/Ubuntu%20Kylin%20Archive
> 
> Let's please iterate there.
> 
> >  - Uploaders must be Ubuntu members and have signed the CoC (I'd have
> >    been tempted to require ~ubuntu-dev but that'd mean pretty much nobody
> >    on the Kylin team would be able to upload...)
> 
> For comparison, I don't think we've ever required ubuntu-dev status for
> uploaders to the partner archive, but in practice the archive was /managed/
> by the ubuntu-archive team, for whom ubuntu-dev status is expected to be a
> precondition.  I think it's fine to only require Ubuntu membership at this
> phase.  But should the eventual goal be to require ubuntu-dev membership?
> Would that bring it more closely in line with the governance guidelines for
> the other archives?

+1

> 
> >  - Packages must be built on the same infrastructure as Ubuntu, using
> >    the same builder pool and build chroots.
> 
> I think this is overly specific.  It makes sense to specify the software
> environment (build chroots), but the Tech Board should not dictate that the
> packages be built in "the same builder pool" as Ubuntu, which is an
> implementation detail - only in a builder pool with equivalent security.  By
> default, PPAs do not build on the same builder pool used for Ubuntu, and
> there doesn't seem to be a reason for this PPA to build there.
> 
> I suggest the following wording instead:
> 
>   - Packages must be built in the Canonical-managed Launchpad builders,
>     using the same build chroots as the Ubuntu archive and with no
>     build-dependencies on other PPAs.

As discussed on IRC last weekend, that seems fine to me.

Is it worth specifying that we expect the build time sources.list to
match that of a regular archive upload? (all pockets enabled except for
backports and all components enabled)

It's also a bit of an implementation detail and probably won't matter
too much for Kylin but if we are to reuse this process at some point
later, it may be worth making sure things build with both -proposed and
-updates as real uploads do.

> 
> >  - The result must be signed by a GPG key managed by Canonical (not
> >    provided to the Kylin team) within the Canonical infrastructure.
> >  - That GPG key must be separate from any other key currently in use and
> >    should be (not a hard requirement for 14.04) signed by the archive
> >    master key.
> 
> For comparison, the Extras archive key does not appear to be signed by the
> archive master key.  So I would omit this "should" altogether, especially as
> it's unrelated to our key management model for these extension archives.

True but we did get the cloud archive signed I believe. We didn't bother
do extras at the same time since it's not used and on it's way out.

Anyway, clearly not a requirement at this point, this is nice to have
material and something we may want to discuss separately to try and get
some consistency there.

> 
> >  - Distribution will be done through a server managed by the Kylin team
> >    which will get its content from a private server on Canonical's network.
> 
> > That should leave enough room for implementation details to be decided
> > by the relevant teams (Launchpad, IS, Kylin) while enforcing the bits I
> > actually care about.
> 
> Let me know if the above sounds reasonable, and if I should update
> <https://wiki.ubuntu.com/Ubuntu%20Kylin/Ubuntu%20Kylin%20Archive>.
> 
> Thanks,
> -- 
> Steve Langasek                   Give me a lever long enough and a Free OS
> Debian Developer                   to set it on, and I can move the world.
> Ubuntu Developer                                    http://www.debian.org/
> slangasek at ubuntu.com                                     vorlon at debian.org



-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/technical-board/attachments/20140407/468cbe85/attachment.pgp>

More information about the technical-board mailing list