Cloud Compatibility Program

[dangazineu]

It may be interesting for Temurin and the Adoptium community at large if the Adoptium Marketplace and the Temurin releases page were able to communicate a binary's compatibility with one or more cloud providers' infrastructure.

One way of achieving this could be by running AQAvit suite on each target cloud infra, and then reporting it individually in the binary's download page. In this case, instead of a single icon for AQAvit , a binary could have multiple icons for each cloud provider where it was AQAvit verified.

[tellison]

Thanks for the suggestion @danielgazineu - sounds like a good idea. Let me share a few thoughts...

As you know, AQAvit is our vehicle for demonstrating a runtime's quality. AQAvit is very flexible, and can be used during runtime development or a final release, runs on a variety of platforms and applies to Temurin and other Java SE compliant implementations. Those who wish to verify a binary have a set of obligations before declaring it "AQAvit verified".

The Adoptium project verifies each Temurin release using the platforms that we have in the project. The single icon that we place on the download page indicates that the project has conducted a successful verification. However, it is not clear from that single icon which platform was used, that is captured in the AQAvit results, and we declare our set of supported platforms based upon that.

It would definitely be helpful to know that Temurin passes the AQAvit verification tests on a very wide variety of platforms, including those not run directly by the project. Having cloud providers run the AQAvit tests (or granting access for the project to do so) would allow for broader verification.

We have discussed ways for the entire community to better share their AQAvit results. We've also spoken to other groups who are considering ways to distribute and advertise such attestations. These verification attestations would include rich details of the verification, and allow users to see the details. Cloud providers would be welcome to provide their testing results in this way.

In terms of implementation, rather than have multiple icons on the download page, I suggest the single AQAvit icon links to a view of the verified attestations. That may be a single webpage of know test results to start with, but may get as sophisticated as distributed ledgers.

Each cloud provider probably has their own definition of "a binary's compatibility" when it comes to how Temurin should be used in their environment, and how it should be configured for optimal use. I can imagine that we either provide links from the AQAvit verified status back into the cloud providers' own documentation about using Temurin, or we build up some local pages describing usage of Temurin in different cloud environments (similar to the way we currently describe how to install Temurin using different package managers).