#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+--------------------- Changes (by mattdm):

* keywords: => meeting

Comment:

Some quick thoughts...

Since the resulting images can contain software which doesn't come from the official repositories, the secondary mark — Fedora Remix — might be appropriate. But that has some logistical concerns as well (like, the need to remove Fedora logos). Maybe we need to be providing a Fedora Remix Base docker image, with the generic files already in place. (That could itself be a layered image.)

I guess if this is made from the official Fedora base image with the Copr packages layered on top, this might fall under [https://fedoraproject.org/wiki/Legal:Trademark_guidelines?rd=Legal/Trademark... Unmodified Fedora software, with other content separately on same physical medium], although I'm not sure how the provisions there could reasonably followed.

I think we do need to talk with Legal about this.

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by mattdm):

(With "Copr Fedora Remix" branding to be developed, of course.)

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by mattdm):

Oh wow. Ok, in that case, I'm pretty sure we don't the resulting images to be represented as "Fedora". I'm okay with this being branded as a Fedora ''service'', but that distinction needs to be made very clear.

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by spot):

Replying to [comment:5 vgologuz]:

Please note, that dopr doesn't restrict Dockerfiles to use some

particular base image. The user could choose to use any other image from dockerhub, like:

{{{ FROM centos:latest }}} Even if we limit base image to some small approved set, it doesn't

provide any security. The user could do anything in the later Dockerfile commands. There is no difference between .spec and.Dockerfile or Copr repository and dockerhub image repository.

I'm really concerned about this point. I suspect strongly that there are dockerhub images that are very legally risky for us to be the distributor of. A quick search of dockerhub brings up the nvidia driver, ffmpeg, just to bring up two known items. Adding a layer of abstraction means this will be very difficult for us to police in the same way that we do coprs today.

If we could restrict this to the known good and "official" docker images (centos and fedora) combined with coprs, then that would resolve the legal risk concern on my part. I still don't think that the resulting images should be branded as Fedora, though, I don't see any real reason why the service couldn't be a "Fedora provided service" (again, assuming that we're only permitting centos/fedora base docker images).

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by spot):

Except that the Docker terms of service say that we (the owners of the Fedora account) are solely responsible:

6.4 You agree that you are solely responsible for (and that Docker has no responsibility to you or to any third party for) the Application or any Content that you create, transmit or display while using the Docker Services and for the consequences of your actions (including any loss or damage which Docker may suffer) by doing so.

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by jwboyer):

Replying to [comment:11 mattdm]:

Spot, what do you think of the Fedora Remix branding here (assuming

limitation to Fedora base images)?

I think that's frankly very confusing. Why is the Fedora project, the trademark holder, shipping Remix images to a 3rd party hub from a _production_ tool? We don't distribute any other Remixes.

I like the idea around this tool, but I think it would be better off as a one-off service. User inputs a dockerfile and a copr, the service spits out an image for them to download. There is no distribution beyond that on the part of Fedora.

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by vgologuz):

Sorry everyone, but I don't get idea about branding fedora image at Dockerhub. What problem does it solve? Currently any dockerhub user could create new container image which is based on fedora/centos/etc, add anything into it and push back to dockerhub. Somebody already mentioned existing images with embedded proprietary stuff.

Replying to [comment:13 mattdm]:

Would it be possible to tie this to users _own_ accounts at Docker,

rather than using a Fedora account?

It's possible, but it has other problem. Dockerhub doesn't provide API for automated build, so we would ask users to: 1) create dockerhub account 2) share private credentials. Such workflow becomes too complex and therefore it would repel many potentional users.

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by mattdm):

Yes -- sorry for lack of updates.

Stephen Gallagher is going to talk to Docker upstream about including API for user-based token token authentication. And I'm going to talk to Red Hat legal about trademark concerns.

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by msuchy):

Any progress?

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by ncoghlan):

Passing along a suggestion I made internally: would it make a difference to the discussions if these images were uploaded to DockerHub under a "COPR" or "SCLo" account, rather than the current Fedora account?

The key UX benefit of DOPR is to enable anyone with an existing FAS account to publish images on DockerHub as easily as they can publish new repos in COPR. A disjointed "make this thing over here under one account, download it, and then upload it somewhere else using a different set of credentials with no shared discoverability" doesn't even come close to achieving the desired outcome.

Given that the key goal is "publish to DockerHub using your FAS credentials", the "FedoraPeople" branding may also be appropriate, since the content restrictions on built images would be similar to those imposed on people.fedoraproject.org: http://fedoraproject.org/wiki/Infrastructure/fedorapeople.org

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by mattdm):

Okay, so, I've spoken with Richard and Spot, and in short we're okay to go ahead.

Richard agrees that while it's not a strict legal requirement, it would be better from a brand point of view to use a clearly-separated account and name: "Fedora Dopr" or "Fedora People" or whatever. There's, apparently, not a meaningful legal difference in doing this vs. users' individual Docker accounts, by the way.

Richard also feels that it'd be beneficial to have a stronger warning about permitted use on the Dopr site. (Possibly stronger and more visible than the one used for the Copr service, with a checkbox confirming that it's been seen.) He said he could write that -- Dopr devs, can you contact him directly about that?

And, the trademark guidelines for Fedora in general could stand to be updated for the new cloudy/containery world. (That's my wording, not his.) That's somewhat separate, but affects how we want to control use of Fedora branding in containers -- and, as Richard says, is more of a matter of the Council deciding what we want to do with the brand, not necessarily a legal mandate. But we need to have that conversation separately -- I don't think it's necessarily blocking here.

On a related note, I still think we should restrict the service to Fedora and CentOS bases, although it occurs to me that we shouldn't restrict it to just the base image, but also the layered images Fedora/CentOS produce + any other Dopr. That seems like it'd be reasonably easy to implement technically, especially if all Dopr containers are built in one Docker Hub namespace.

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by langdon):

Replying to [comment:23 mattdm]:

I also have a non-legal/brand/trademark question! Is there any plan to

integrate this directly into Copr rather than being a stand-alone service?

From a UI perspective, I would like to see this too. From an architectural perspective, I would *much* prefer that dopr is a fed-msg activated service that copr can trigger (and get notified by).

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by msuchy):

Replying to [comment:22 mattdm]:

Dopr devs, can you contact him directly about that?

I just wrote him.

On a related note, I still think we should restrict the service to

Fedora and CentOS bases, although it occurs to me that we shouldn't restrict it to just the base image, but also the layered images Fedora/CentOS produce + any other Dopr. That seems like it'd be reasonably easy to implement technically, especially if all Dopr containers are built in one Docker Hub namespace.

1) Why? (just being curious). 2) I will check if it is technically possible.

Is there any plan to integrate this directly into Copr rather than being

a stand-alone service?

Technically it is so different so having it on the same machine does not have too much sense. But of course we can concat it via UI and links so for users it will be nearly the same. However I want to do one step at the time. Let see how it will work in production and if it will work, then lets bind it together with Copr.

#38: Dopr ------------------------+--------------------- Reporter: msuchy | Owner: Status: new | Priority: normal Component: Trademarks | Resolution: Keywords: meeting | ------------------------+---------------------

Comment (by mattdm):

Hey, is this still an ongoing project?

#38: Dopr ------------------------+----------------------- Reporter: msuchy | Owner: Status: closed | Priority: normal Component: Trademarks | Resolution: deferred Keywords: meeting | ------------------------+-----------------------

Comment (by mattdm):

Cool. For reference, a related conversation in Cloud WG: https://fedorahosted.org/cloud/ticket/148