[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[atomic-devel] Is running a registry part of the Atomic pattern?

This is an open question in my mind, asking here to start a discussion.  

To what degree is having a Docker registry part of the "Atomic pattern"
that can be applied to a distribution?  

The Atomic Host comes from the distribution - it's built from the
distribution's component parts.

However, as we talk about things that might be part of the host, or
might be privileged containers (like sosreport), I feel a bit of a pull
towards the host for trust reasons.  My feelings on the Hub are a bit
nuanced and I won't go into detail here, but basically if a distribution
had a registry, it would be possible to ship distribution-specific
"associated tools" with an Atomic Host as containers.

At the moment, neither Fedora nor CentOS (to my knowledge) have
registries.  Particularly as we get towards privileged containers that
*do* have some level of host dependency, I'd like to be able to say:
"Oh, you need sosreport?  docker pull centos.org/sosreport7" - and to
know that that version of sosreport works with that host.

Beyond the privileged container angle, if it was part of the pattern for
distributions to come with registries, this helps keep the trust
boundary.  Not everyone is going to trust all content on the Hub, but if
the images provided by the distribution (and kept to the same level of
rigor, e.g. built from known package components which in turn were built
from known source code), it would keep the same trust level.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]