Re: [atomic-devel] a better place for system container images?

[Giuseppe Scrivano <gscrivan redhat com>]

Dusty Mabe <dusty dustymabe com> writes:

>>> - create a projectatomic-devel organization and put them under there
>>> - put them under projectatomic/ but add devel or upstream in the name of each image.
>> 
>> would a tag be enough?
>
> My personal opinion is no. Not many people inspect tags when using images.

they will still need to specify the tag when pulling or installing the
image.  It is something like:

atomic pull --storage ostree docker.io/projectatomic/etcd:devel

instead of:

atomic pull --storage ostree docker.io/projectatomic/etcd-devel


>> Most of the time, changes to the image are bug fixes.  There is not
>> really much development happening in the system container itself, so I
>> don't see much disadvantage if these changes are propagated quickly.
>
> If there's not much changes going on then why can't we use the distro
> registry which has a process for rebuilding images periodically to account
> for CVEs? I know the Fedora registry is not perfect, but would like for us
> not to fragment and have so many different places to pull a system container
> from. 

do we prevent in some way that users using an image from
registry.fedoraproject.org/f26/* will not keep using it once the new
versions, that have a complete different name, are out?

We want a centralized place where we can find all the updated binaries
based on what we have in the upstream repository without any human
intervention to sync them.
Some of the images are not based on Fedora, so we would need at least to
split them between the Fedora and the CentOS registries.

Giuseppe