#custom build

ok, so you want to replace the official build function, and replace it with a configuration for CG's proprietary build system?

like a "reimplementation" of our build on a completely different tool?

or, do you want to still run the official build function, on dagger, but wrapped by CG's proprietary build system?

As part of our onboarding to use dagger, we appear to want CG to produce and manage the images we consume. I'm not sure what their build process is, but it seems they usually want a dockerfile as an input. We are asking them if they can fit the dagger engine build process into their flow.

So, it's not so much we need the full offiical build process with release notes, etc. Just they we need for CG to be able to build the engine and produce container images so they ensure vulnerabilities are remediated.

Would this be CG as a business officially supporting a build of dagger, potentially usable by other customers?

or your own organization privately configuring the CG build tool with your own recipe/config?

No, we are not using the CG build tool. We contract with CG for our images. They do all the building/maintaining

Ok. Then unfortunately our trademark policy does not allow Chainguard to do that. We explicitly forbid rebuilding and redistributing

Oh, interesting

They will need to get a trademark license from them

Notice how we're here supporting you, so that they can make a shit ton of money with no added value, without Dagger being compensated? That's why 😁

I've seen this movie before, with Red Hat.

Dagger is perfectly capable of updating our own dependencies when security vulnerabilities arise. Chainguard adds zero value in thus regard.

This process is all new to me on this side. I'll see what our requirements actually are vs what we usually do.

Sorry if this complicates your life. We know the people at Chainguard and are happy to chat with them anytime to work this out!

I'm not sure if it does or does not. I see the reasoning, and no ill-will here. I'll work it from my end and see what comes out of it.

ok 👍 ping me anytime

So, good news I've fleshed out so far: This won't be a blocker. Are we allowed to rebuild the container images so long as we don't redistrbute? (That's one option apparently)

Yes, there is no restriction on how you rebuild it for yourself (although I strongly recommend using the official dagger function, possibly modifying it if necessary. Do not recommend reimplementing our build on a completely different system). But it's your business how you build open source software for yourself - and Dagger is truly open source (no special license).

The issue is only with redistributing it to others under the name Dagger - that's a trademark issue.

Make sense.

We only care about vulnerability remediation and FIPS compliance type stuff. Don't want to rebuild the build process if we don't have to. There's a couple options to us, so just fleshing out the options.