On Thu, Aug 13, 2015 at 03:55:58AM +0000, Brandon Philips wrote:
> Until now the OCI spec has been focused on the runtime spec and I
> think we need to figure out what the next priority is for us after
> that. Hopefully looking at the harmonization work left to do with
> appc will help inspire those priorities.

I think we should *keep* opencontainers/specs focused on the runtime,
independent of all other container tooling. There can be separate
specs and tools for those separate issues [1,2,3]. There's a
lot going on in a container-based ecosystem, and trying to handle all
of that in one place that makes everybody happy is going to be
impossible. We should focus on writing composable tools based on
interoperable specs, so users can swap in the tools that match their
workflow without getting bogged down by complications or design
decisions that they don't need. This composability is §6.a in the
current draft charter [4], and keeping the individual tools minimal is
§6.f.

Of course, we need forums for discussing how these tools will fit
together, and the interface between appc and opencontainers/specs,
Nulecule and opencontainers/specs [5], and other interested
communities will probably be where this happens. Hopefully, the CNCF
will help here as well [5].

> The Application Container Spec ([appc][1]) defines a specification
> for all of these software container concerns: packaging, identity,
> distribution, and runtime. And over time, our goal is to ensure the
> OCI spec has these same properties.

I'd rather have separate specs for identity and distribution. For
example, IPFS can almost handle this right now, and that's great for
me distributing my bundles. However, I imagine others will have
different tooling that fits into their system for distributing
bundles. We don't want to get into the business of making all the
decisions needed to build a whole container infrastructure; we just
want to make sure our runtime spec is as compatible with the rest of
the ecosystem as possible, and then provide good docs explaining
useful stack combinations (e.g. IPFS + runC, or appc + runC, or …).

> Based on the topics outlined above from the appc + OCI harmonization
> I think the two places to concentrate after this draft are:
>
> - Distribution: how are OCI images named and how do I find and
> download an image given a name
> - Identity: how to generate a cryptographic identity for a container
> image

I'm happy to have new OCI Projects (see my “many projects with
per-project TDCs” proposal [7]) that focus on these issues. But for
me, IPFS already handles distribution and identity well enough
(e.g. see [8]). I think pushing that sort of thing into
opencontainers/specs is just going to be distracting for folks who
only need the runtime container/application launch tooling.

Cheers,
Trevor

[1]: https://en.wikipedia.org/wiki/Unix_philosophy
[2]: https://github.com/opencontainers/specs/pull/76#issuecomment-124913227
[3]: https://groups.google.com/a/opencontainers.org/d/msg/dev/_qzxN228Suw/-GLDjizZDgAJ
     Message-ID: <20150808040...@odin.tremily.us>
[4]: https://github.com/opencontainers/web/blob/33bc0b2597cbfd37e4728660d4b74272603b6f97/content/charter.md
[5]: https://github.com/opencontainers/specs/issues/73#issuecomment-126425653
     and later comments in that issue
[6]: https://github.com/opencontainers/specs/issues/5#issuecomment-115423504
[7]: https://github.com/opencontainers/web/pull/4
[8]: https://github.com/wking/oci-gentoo-minimal/tree/ipfs-gateway
--
This email may be signed or encrypted with GnuPG (http://www.gnupg.org).
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy