[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [atomic-devel] a better place for system container images?
- From: Dusty Mabe <dusty dustymabe com>
- To: Giuseppe Scrivano <gscrivan redhat com>
- Cc: atomic-devel <atomic-devel projectatomic io>
- Subject: Re: [atomic-devel] a better place for system container images?
- Date: Mon, 6 Nov 2017 13:44:56 -0500
On 11/06/2017 11:29 AM, Giuseppe Scrivano wrote:
> Dusty Mabe <dusty dustymabe com> writes:
>
>>>> - create a projectatomic-devel organization and put them under there
>>>> - put them under projectatomic/ but add devel or upstream in the name of each image.
>>>
>>> would a tag be enough?
>>
>> My personal opinion is no. Not many people inspect tags when using images.
>
> they will still need to specify the tag when pulling or installing the
> image. It is something like:
>
> atomic pull --storage ostree docker.io/projectatomic/etcd:devel
ahh. I thought you meant a label (not a tag). Yes, a tag is *better*.
>
> instead of:
>
> atomic pull --storage ostree docker.io/projectatomic/etcd-devel
>
>
>>> Most of the time, changes to the image are bug fixes. There is not
>>> really much development happening in the system container itself, so I
>>> don't see much disadvantage if these changes are propagated quickly.
>>
>> If there's not much changes going on then why can't we use the distro
>> registry which has a process for rebuilding images periodically to account
>> for CVEs? I know the Fedora registry is not perfect, but would like for us
>> not to fragment and have so many different places to pull a system container
>> from.
>
> do we prevent in some way that users using an image from
> registry.fedoraproject.org/f26/* will not keep using it once the new
> versions, that have a complete different name, are out?
I'm pretty sure once f25 is EOL those container images will no longer
be available since they won't be receiving updates.
>
> We want a centralized place where we can find all the updated binaries
> based on what we have in the upstream repository without any human
> intervention to sync them.
> Some of the images are not based on Fedora, so we would need at least to
> split them between the Fedora and the CentOS registries.
>
/me wishes we could build fedora and centos based layered images in the same
way so it would be the same process for both IMHO.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]