►
From YouTube: Working Group: 2020-08-05
Description
* Exec.d: https://github.com/buildpacks/rfcs/pull/104
* Any Stack: https://github.com/buildpacks/rfcs/pull/97
* Opt-In Layer Caching: https://github.com/buildpacks/rfcs/pull/99
* RFC for RFC
* Image Signing
A
A
A
A
A
A
B
Yeah,
I
could
speak
for
emily
who's,
not
here
as
well
from
what
I
recall.
There
is
a
release
for
life
cycle
that
is
planned
for
the
end
of
this
week.
I
think
the
hope
is
to
try
to
get
it
out
tomorrow,
but
if
not
friday,
other
than
that
there
is
a
scheduled
ccb
or
code
freeze,
feature
complete
for
pac
on
tuesday.
B
B
And
then,
if
I
remember
correctly,
I
think
the
latest
build
pack.
Api
version
is
what's
going
to
be
supported,
which
is,
I
believe,
is
buildpack04
so
yeah.
I
think
that
might
impact
some
build
pack
authors
at
least
they
could
take
advantage
of
newer
functionality
that
way,
but
it
should
still
be
backwards
compatible
with
build
pack
api
03.
A
B
D
A
A
A
B
D
B
B
A
A
D
A
D
A
C
The
someone
I
forget
who
it
was
someone
in
there
pointed
out
that
the
n
format
that
we
were
going
to
use
doesn't
support
new
lines
at
all
works
for
everything,
except
for
new
lines,
no,
no
special
character
problems
or
anything
else,
except
except
new
lines,
because
that's
the
one
separator
they
used
to
find
the
thing.
So
I
I
listed
some
options
at
the
bottom
and
I
put,
but
I
I
put
it
on
the
agenda,
so
we
could
talk
about
it.
Okay,.
C
Seemed
pretty
good
and
then
at
the
last
minute
I
think
it
wasn't
someone
from
gitlab
was:
maybe
someone
from
google
chimed
in
and
said,
hey
wait
a
second.
I
know
this
actually
works,
then
whatever
that
is
the
so
I
listed
five
options
down
there.
One
is
we
could
just
not
support
new
lines.
I
don't
think
that's
a
good
idea.
C
One
is
we
could
come
up
with
a
different
way
of
encoding
new
lines,
because
it
really
is
just
this
one
problem:
it's
not
it's
not
like
a
general
special
character
problem.
It's
like
new
lines
are
the
problem.
That
seems
pretty
weird,
though
I
don't
want
that
new
format.
You
know
the
we
could
use
tomml
and
maybe
maybe,
instead
of
using
our
key
value,
key
equals
value,
equals
format,
because
it's
all
supposed
to
be
machine
readable.
C
You
just
use
tomml
as
the
way
to
specify
keys
and
values,
would
look
just
like
environment
variables,
but
with
you
know,
tamil
doing
you
know
managing
escaping
and
you
use
tama
libraries
disadvantage
there
is
that
you're
using
the
tamil
parser
during
launch
right.
So,
if
you're
using
like
burnt
sushi
and
does
a
lot
of
weird
reflection,
you
know
it
may
add
a
couple
extra
milliseconds
to
launch
time.
I
don't
think
it's
really
a
big
concern,
especially
because
it's
flat
list
right,
there's
not
a
lot
of
deep
nested
structure
in
there.
C
C
C
C
The
next
two
options
are
maybe
slightly
more
standard,
but
also
kind
of
more
exotic,
like
the
weak
bash,
actually
has
a
format
and
there's
even
a
posix
standard
format,
sort
of
for
listing
environment
variables
like
this
kind
of
that's,
you
can
use
export-p
and
it'll
output,
something
in
bash
five
plus
usually
doesn't
have
any
problems
before
bash.
Like
4-4,
though
there
are
a
bunch
of
issues
with
it
and
it
doesn't
actually
work
with
some
characters.
C
So
I
gave
some
options
there
in
four
and
five.
I
wouldn't
really
recommend
either
of
them.
That's
pretty
weird,
especially
because
we
don't
bash
here
and
can't
really
parse.
That
anyways,
like
you'd,
have
to
write
a
manual
parser
for
this
stuff
for
the
use
cases
we
care
about
it.
For
so
I'm
not
very
partial
to
those.
So
I
think
I
think
tomml
is
pretty
good.
There's
one
option
that
someone,
because
the
guy
from
get
lab
mentioned,
I
forget
where
he
mentioned.
This
might
have
been
over
slack.
C
We
could
chain
them
together,
so
we
could
have
each
exec
responsible,
like
you
could
pass
each
exact,
the
next
exec
and
the
chain
and
hope
that
they
correctly
exec,
meaning
the
syscall
exec
like
exec
v
or
whatever
the
next
process
with
the
right
arguments.
It
would
be
especially
difficult
for
the
last
one,
but
then
you'd
have
the
inherited
environment
going
all
the
way
through
that's
kind
of
tempting,
because
I
could
see
the
perfect
behavior
for
preserving
environment
variables.
C
A
I
had
a
well-written
comment
that
basically
said:
hey
like
this
is
a
giant
pain
in
the
ass,
because
imagine,
you've
got
a
bash
bash,
build
pack
and
you're
trying
to
generate
tommel
as
output,
and
I'm
like
oh
yeah.
He
can't
execute
that
kind
of
build
back
here.
So
I
guess
that
doesn't
matter
like
I'm
surprised,
you
don't
like
four
right,
like
the
life
cycle
should
be
able
to
parse
that
relatively
easily.
It's
intuitive
like
to
be
bluntly,
honest
with
you.
A
I
am
surprised
to
hear
that
four
just
doesn't
work
right
like
it's
exactly
what
you'd
expect
it
to
be
so
like
that
feels
like
something
we
have
the
ability
to
write
or
to
to
parse
nicely
and
reflects
what
I
think
the
instinct
of
contributors
of
contributors
of
environment
variables
would
do.
In
fact,
I
believe
this
is
like
sort
of
all
the
places
we
do.
This
kind
of
thing
we
literally
write
out
that
kind
of
output.
A
C
The
I
don't
know
how
well
this
format's
defined,
I
think
the
stuff
between
the
quotes
there's
a
bunch
of
weird
escapee
things.
You
have
to
do
for
special
characters.
That
aren't
like
this
example
is
a
simple
example,
but
it's
it's
not
yeah.
It
didn't
feel
like
it
was
enough
of
a
standard.
I
was
really
hopeful
about
it
for
the
same
reasons
like
even
if
you're
not
going
to
shell
parse,
that,
even
if
export
and
declare
are
literally
meaningless,
commands
you're
going
to
stick
in
front
of
each
line.
C
For
no
reason
like
I
even
thought:
can
we
strip
out
the
export
or
the
declare
dash
x
and
declare
the
format
to
be
like
thing
equals
thing,
but
then
that
middle
format,
it
just
varies,
how
you
escape
the
middle
thing
varies
between
versions
of
bash
tremendously
for
three
they're
totally
different
escapes,
and
it
doesn't
work
completely
for
four
plus
it
works,
but
it's
very
complicated
it
just
it
started
to
seem
like
it
wasn't
worth
it.
Is
it
not
worthwhile.
A
C
A
C
Pretty
good,
I
don't
think
you
need
a
tamil
parser
in
order
to
output
it
or
to
read
it.
If
you
really
didn't
want
to
use
one
yeah
agree,
tom
will
allow
quoted
keys.
That's
the
only
thing,
but
again
if
this
is
a
subset,
if
we
say
you're
not
allowed
to
use
quoted
keys
when
you
output
it,
then
you
know.
A
A
You
know
whatever
it
is,
and
I
think,
even
if
we
sort
of
think
of
it
as
a
subset
of
tunnel,
we
should
define
it
the
same
way
right,
like
whatever
the
character
set
and
then
an
equal
sign,
potentially
with
white
space
on
either
side
and
then
the
rest
potentially
quoted
right
like
and
then,
and
then
that
gives
us
the
ability
to
to
be
a
bit
more
specific
and
then
use
tooling.
That
happens
to
understand.
That's
that's
upset.
C
A
C
C
D
C
I
think
there
are
two
questions
in
there
in
in
reverse
order,
because
I
think
the
answer
to
your
question.
It
helps
answer
terrance's
question
the
a
statically
compiled
go
binary
right
that
includes
lib
muscle
in
it
is
going
to
run
on
any
linux
like
that,
you
know
a
build
pack,
that's
bash
script
that
only
uses
bash
built-ins
right,
yeah,
probably
gonna,
you
know,
comply
as
posix
compliant.
It's
probably
gonna
run
on
a
very.
A
A
C
A
C
Yeah,
so,
okay,
so
that's
a
different
problem.
That's
that
that's!
Actually.
I
was
very
worried
about
that
and
thought
we
need
to
introduce
another
key
for
operating
system,
but
you
can't
actually
start
that
build
because
the
build
pack
is
is
going
to
be
in
the
build
package
format
for
windows
not
to
build
package
format
for
linux,
so
you
wouldn't
be
able
to
get
the
build
pack
onto
the
image
anyways.
So
that's
it.
A
C
A
C
C
If
you
don't
have
any
restrictions,
it
runs
on
everything
that
feels
like
it's,
a
very
good
design,
sort
of
what
it
looks
like
as
opposed
to
introducing
a
random
bull.
That
says,
if
this
list
is
empty,
don't
fail.
You
know
that
seems
like
a
weird
thing
to
do.
At
the
same
time,
you
could
totally
see
people
just
saying:
build
pack
build
pack
tamil,
oh,
I
need.
Oh,
it
doesn't
work
if
the
file
is
empty.
Here's
an
id
doesn't
work
if
the
version's
empty
here's
the
version.
Oh
my
build
pack
works.
C
Now
I'm
going
to
ship
it
and
then
it
doesn't
work
on
everything.
But
at
that
point
like
didn't
you
kind
of
make
this
thing
with
the
idea
that
you
know
you
kind
of
wanted
it
to
just
work
on
things
and
if
it
fails
during
build,
then
you
know
that's
kind
of
your
fault.
It's
like
as
a
build
tech,
author,
you've
kind
of
shot
yourself
in
the
foot
there.
You
know
you're
not
going
to
do
a
good
job
of
making
sure
your
build
pack
is
perfectly
compliant
with
whatever
stacks
you've
selected
anyways,
like
I'm.
A
Yeah,
like
we
all,
we
all
claim
to
be
compliant
with
bionic,
but,
like
I
don't
know
like
I
don't
know
what
heroku's
bionic
stack
actually
looks
like
and
whether
it
works
until
somebody
actually
goes
off
and
runs
it
and
opens
a
bug
and
says
hey.
This
doesn't
actually
work
right
like
we're
doing
the
best
we
can.
B
Yeah
I
was
gonna
say
like
I
do
wonder
if
the
the
need
for
id
is
really
there
right
like,
if
you
think
about
make
sense
like
you
would
think
about
labels
and
any
sort
of
like
resource
driven
system
like
the
mix
in
or
the
label
would
help
you
better
narrow
down
what
the
compatibility
is
for
said
resource
so
like,
ultimately,
what
I'm
thinking
is
I'd
like
to
be
able
to
specify
you
know
stacks
without
having
to
specify
a
very
specific
id,
but
still
be
able
to
provide
labels
or
mix-ins.
That
say,
you
know
windows.
B
C
I
think
that's
what
we
were
trying
to
do
with
there
was
a
an
rfc
a
while
back
about
making
stack,
ids,
not
specific
right,
instead
of
there
being
a
stack
id
for
the
heroic
version
of
bionic
or
the
cf
version
of
bionic.
There's
an
rfc
where
we
said
the
project
will
define.
I
o
build
pack
stacks
play
on
it,
because
anybody
who's
going
to
use
a
bionic-based
stack,
that's
derived
from
ubuntu
column.
C
A
Yeah,
and
so
because
the
mix
in
syntax
is
like
semantically,
like
as
we
discussed
in
previous
meetings,
is
semantically
adjacent
to
the
actual
stack
id
itself
right.
We've
designed
designed
bionics
mix-ins
to
be
packaged
names,
but
not
all
stacks
would
design
mix-ins
the
same
way
like,
I
think
it
sort
of
acts
as
a
first
level
selector
right
similar
to
your
you
know,
linux
or
windows,
and
then
underneath
it.
You
can
describe
actually
what
you
need
to
run.
Given
that
sort
of
core
screen
selector.
B
Right,
so
what
if
you
know,
I
hear
a
couple
concerns
like
if
we
were
to
leave
stacks
completely
gone
right,
which
it
means
that
people
might
not
add
it
and
inadvertently
create
something
that
now
assumes
can
be
run
on
any
system.
What,
if
we
actually
left
the
key
and
then
for
id,
did
something
like
an
asterisk
right
like
a
special
character
or
a
special
token.
That
signifies
I
explicitly
say
that
this
could
run
on
any
stack
right
and
then
you
can
still
leverage
mixins
for
whatever
they
may
mean.
B
A
A
C
It
means
when
you
use
this
other
stack
id.
These
are
the
mix-ins
you
need
to
have
with
it,
but
if
you
don't
you're,
not
using
that
stack
id
and
you
you
know
yeah,
if
you're
not
using
that
stack
id,
that's
specified,
then
it'll
still
try
to
run
it.
Just
won't,
do
any
validation
and
then
mix-ins
is
not
allowed,
probably
with
star,
because
then
you
get
this
problem
like
the
mix
and
names
mean
different
things
in
the
different
stacks.
A
C
A
The
the
advantage,
the
advantage
of
javier's
star
suggestion
or
whoever
came
up
with
sort
of
an
opt-in,
but
the
star
one
specifically,
is
appealing,
because
my
memory
of
stack
declarations
in
build
packs
is
as
an
allow
list
right.
Like
you
put
in
the
things
you
want
to
run
against
so
an
empty
one
in
the
old
way
of
thinking
about
it
means
I
run
against
nothing
versus
having
a
wild
card.
D
C
So
that
that
starts
to
scare
me,
because
then
then
you
can
do
things
like
say.
I
want
image
magic
right.
I
want
some
c
library
and
I,
but
I'm
okay,
with
any
abi
like
like
with
different
apis
right
of
that
same
library
and
on
the
hope
that
you're,
like
you're
kind
of
hoping
for
something
to
happen.
But
the
result
you
get
is
pretty
bad,
which
is
that
whatever
you
install
probably
only
works
with
one
of
them
right,
because
you've
built
a
binary
against.
A
C
A
Oh,
I
don't,
I
don't
think,
that's
necessarily
true
right
like
as
long
as
you,
you
could
imagine
like
compiling
against
it
locally
right
like
as
part
of
your
build
phase.
It
just
needs
to
link
against
it
once
and
then
you're
ab
you're
guaranteed
abi
compatible
against
the
thing
you
just
linked
against
right
and
if
you
care
more,
you
can
say
here
is
exactly
the
concrete
version
of
a
particular
version
of
ubuntu
that
I
want.
D
C
Yeah,
but
I'm
I'm
worried
about
an
interface,
I'm
worried
about
creating
an
interface
where
people
can
do
something
that
looks
like
it
should
work
right.
That
looks
like
they're,
adding
just
the
right
level
of
validation
and
then
when
they
actually
try
to
use
it,
it
has
unexpected
gotchas.
If
that
makes
sense,
I'm
I'm
fine
with
adding
star
as
an
option
and
then
for
this
rfc
and
then
expanding
on
it
in
the
future
to
allow
for
wild
card
matching.
C
If
the
wild
card
matching
or
something
like
you
know,
you
could
match,
you
could
guarantee
that
this
will
only
run
on
ubuntu
based
stacks
right.
You
know
where
that
are
part
of
the
io
build
tax,
bionic
project
where
all
of
the
you
know,
mix-ins
are
defined
in
this
very
particular
way
right.
If
there
were
a
way
to
constrain
it.
To
that,
I
think
I'd
be
okay
with
it
like,
because
it
is
talking
about
build
time
validation.
C
A
Of
like
yeah
that
may
that
may
want
to
make
us
want
to,
for
example,
repurpose
I
I
was,
I
totally
blanked
on
what
it's
called.
Currently,
it's
called
I
o
build
pack
stacks,
bionic
right
and
so,
like
anything,
you'd
wild
card
would
be.
I
o
build
pack
stacks
right,
and
so
it
may
mean
that
we
actually
need
it
to
be.
I
o
build
pack
stacks
and
then
two
bionic
company
focal,
and
then
I
o
build
pack
stacks
rel,
whatever
the
hell
rel
calls
their
releases
kind
of
thing
to
help
with
that
or
introduce.
C
D
C
I
o
build
pack
stacks.
Ubuntu
would
be
a
stack
id
that
you
would
want
to
put
on
both
ioble
pack
on
a
run
image
that
has
iobill
pack
stacks
bionic
on
it
too,
so
it
still
validates
that
that
would
require
a
lot
more
changes
like
you'd.
Have
you
have
this
concept
of
multiple
stack
ids
on
an
image
that
are
compatible
and
then
you
have
to
match
certain
ones
up
in
certain
cases
and
other
ones
up
in
other
cases,
but
I
think
the
general
you
know
we're
talking
about
ux
for
the
next
generation
version
of
it.
C
B
To
make
an
argument
for
that
last
piece
like,
I
think
there
is
value
to
be
able
to
have
mix-ins
with
a
star
and
I'm
thinking
more
specifically
for
a
scenario
where
you
know
you
can
think
about
a
enterprise
and
they're
controlling
both
the
builders,
the
stacks
and
the
build
packs
themselves,
and
they
have
different
people
that
are
in
charge
of
the
different
aspects
of
it,
where
they're
just
creating
the
stacks
themselves
and
then
another
set
of
people
that
are
creating
build
packs.
Or
even
you
know,
as
part
of
project
tamil.
B
You
could
import
local
build
packs,
and
at
that
point
you
know
that
there's
a
certain
convention
to
the
mixins,
as
you
know,
kind
of
going
back
to
what
labels
are,
and
ultimately
I
wanted
to
apply
to
any
build
pack
or
sorry
any
builder
or
any
stack,
because
these
are
the
ones
that
I'm
allowed
to
use,
and
I
don't
want
to
have
to
keep
updating
this
list
of
available
stack.
Ids
right
like
I,
don't
want
to
have
to
coordinate
that
effort
between
two
individual
teams
and
I
feel
like
it
goes
back
to
that
philosophy.
C
I
think
the
the
problem
I
have
with
that
with
with
allowing
the
star
to
specify
mix-ins
afterwards,
is
that
if
you
say
your
build
pack
supports
star,
and
then
you
say
it
supports
a
mixer
name.
That
makes
the
name
can
become
something
completely
different
on
a
stack,
that's
not
related
to
the
buildpacks.
You
know
packs
I
o
project
so,
like
you
could
say
image.
C
This
supports
star
and
image
magic,
and
that
makes
perfect
sense
on
all
the
ubuntu
stacks,
where
image
magic
means
the
ubuntu
package
image
magic,
but
that
could
mean
something
totally
different
on
a
stack,
that's
not
defined
by
the
project
where
we've
said
that
we
do
package
names
mean
or
what
pixels
are
defined
as
it
seems
like
mix
ends,
are
namespaced
under
each
stack
and
it's
it.
It's
like
it.
Lets
you
break
out
of
that
namespace,
but
keep
the
thing
that's
inside,
of
the
namespace
as
a
match
and
that
that
seems
like
it's.
B
But
I
mean
I'm
I'm
in
the
scenario
or
this
environment,
where
that's
the
functionality
that
I
want
right
like.
I
want
to
be
able
to
use
this
mixin
as
an
arbitrary
label,
not
so
much
to
mean
anything
specific
to
any
stack
outside
of
the
ones
that
I
have
and
use
as
part
of
the
contract.
For
you
know,
my
employment.
C
B
B
C
B
D
C
B
So
I
have
some
concerns
about
that
statement,
because
this,
like
we're
talking
about
and
time
distribution
to
compatibility
where
I
don't
necessarily
think
that
that's
completely
true.
If
we
talk
about
like
the
case
of
local,
build
packs
from
project
tamil
right,
you
could
then
run
that
on
a
windows
container
builder
or
a
linux
container
builder,
and
it
doesn't
know
or
care
at
that
point
because
it's
packaging
it
ad
hoc
at
that
point
in
time.
C
At
that
point,
though,
is
it
really
that
much
different
from
like?
Oh,
my
local
build
tag
doesn't
work?
Let
me
just
throw
the
stack
id
in
the
stacks
list.
It's
like
you're,
talking
about
the
build
pack
before
it's,
it's
been
processed
into
a
an
artifact
for
distribution,
and
so
it
doesn't
like
you
can
have
problems
like
do
all
the
files
have
the
right
line.
Endings,
you
know,
is
everything
actually
executable
in
this
environment.
It
seems
like
it's.
C
C
C
I
think
a
way
to
solve
that
would
be
like
your
build
pack
has
to
declare
what
operating
system.
What
what
like
general,
I
don't
know
how
you
describe
that
like
types
of
operating
systems,
your
build
pack
is,
you
know,
defined
for
explicitly.
Instead
of
relying
on
you
know
the
line
endings
in
your
build
pack
tunnel,
matching
the
right
operating
system
or
whatever
right
like
we
can
make
that
a
lot
more
explicit,
and
I
think
that
makes
sense.
I
don't
know
if
this
rfc
needs
to
do
it,
though
right.
C
D
Yeah,
it's
not
controversial.
I
feel
like
a
lot
of
ideas,
aren't
necessarily
super
controversial.
It's
just
like
what
the
implications
are
with
backwards
and
power
to
be
able
to
your
defaults,
or
things
like
that.
That
have
to
be
thought
through,
probably
a
little
bit
more
because
we
are
so
far
along
in
the
project
and
that's
like
the
tricky
stuff
makes
sense.
C
I
I
just
want
this
so
like
I'm
still
working
on
pac
file,
and
you
know
it
doesn't.
You
have
to
explicitly
specify
all
the
stacks
so
we're
just
trying
to
get
some
text
in
there.
Yeah
the
that
sounds
good,
I'll,
I'll
update
that
to
include
the
star.
You
said
there
terrance,
there
were
two:
is
there
another
one?
You
want
to
do.
C
And
and
this
one
yeah,
so
I
think
the
way
we
have
it
right
now
is
like
really
dangerous
and
that
nobody,
nobody
like
it's
a
big
oversight
in
a
way
that,
like
we
it's
possible
when
you're
writing,
really
simple,
build
packs
to
accidentally
leave
stuff
around
in
the
image
at
the
end
that
your
build
pack
has.
No,
you
know
information
on
and
that
just
you
know
like
a
simple
bill
pack
is
gonna,
not
use
the
caching
strategies
and
tend
to
rewrite
stuff
anyways
right.
D
Sure
I
I
guess
just
from
seeing
third
party
bill,
packs
kind
of
on
the
heroku
side,
like
I
definitely
see
like
for
sure
what
you're
saying
like
the
there's
build
packs
that
don't
do
caching
and
that's
definitely
the
first
iteration
of
it
and
then
people
it
becomes
probably
a
little
more
popular
than
they
thought.
And
then
people
complain
that
it's
slow,
so
they
introduced
some
type
of
caching
right
to
basically
speed
up,
maybe
downloading
or
compiling
something
like.
D
I
definitely
seen
build
packs
that
early
as
part
of
the
thing
literally
compiled
the
package
in
the
didn't
compile.
So
I
guess,
like
the
names
appropriate
there
in
the
old
pack
api
and
then
like
oh
yeah,
so
then
they
like
basic
cache,
protect
they
they
do
the
compile
still
because,
like
they
don't
have
a
place
to
store
the
assets
like.
We
don't
provide
that
as
roku,
for
instance.
D
Right
so
they'll
do
the
compile
and
then
they'll,
basically
just
like
store
it
in
the
cache
right,
the
kind
of
compiling,
and
then
you
can
copy
over
at
least
on
second
and
every
other,
build
after
it's
at
least
faster,
and
I
also
understand
the
dangers,
and
I
don't
necessarily
I
don't
like
for
a
lot
of
these
things.
I
don't
disagree
with
the
changes
like.
I
think
they
are
better,
I'm
just
thinking
about
like
for
the
default
or-
and
it
doesn't
mean
like
my
comment-
isn't
like
a
blocking
comment.
D
Just
like
a
comment
I
think
for
discussion
of
like.
I
think
we
should
think
about
this
and
it's
more
of
okay.
Like
do.
We
expect
a
bunch
of
people
coming
in
using
this
thing
to
expect
it
to
function
this
way,
and
maybe
we
do
I
mean
it's
just
like
this-
is
the
right
way
to
do
it
and
they
should
learn
how
to
do
this
and
also
made
me
think
like.
D
If
that's
the
case,
for
some
of
these
rfc
changes,
we
probably
want
to
maybe
even
explicitly
call
out
like
documentation
or
other
updates.
We
have
to
make,
even
though,
like
that's
kind
of
assumed
with
andy
things,
but
this
for
sure
feels
like
one
of
those
like.
We
need
to
be
very
explicit
about
this
kind
of
change.
Coming
in
yeah
I
mean
I,
I
think
it
is
like
a
probably
like
if
you
are
a
bill
pack
author,
who
is
probably
not
as
well-versed,
you
just
thought
about
like.
D
Why
is
this
thing
dangerous,
like
we've
all
like,
I
feel
like
this
change
comes
in
because
we
have
been
doing
build
packs
for
a
while
and
they
and
you
you
do
think
about
some
of
these
things,
but
I
think
for
like
a
more
casual,
build
pack
author
who
doesn't
do
this
whole
time,
it's
just
like
trying
to
get
a
thing
done
to
like
move
on
with
their
life
and
solve
the
need
and
they're
just
trying
to
get
some
optimization.
It
is
like
more
complexity
that
you
have
to
think
about.
C
C
The
first
version
of
this
I
proposed
was
like
rename
all
the
directories
to
dot
something
and
then
force
people
to
renew
it
back
ben
had
a
good
idea
that
I
I
think,
is
just
strictly
an
improvement
over
that
in
terms
of
usability,
and
I
was
hoping
that
would
be
like
a
good
good
way
to
not
make
it
too
much
of
a
breaking
change
right.
The
the
thing
that
the
like
just
to
talk
about
the
reason
why
I
feel
like
it's
worth
it.
C
There
are
a
lot
of
scenarios
where
it's
easy
to
build
up
a
cache
like
like
in
the
old
build
pack
interface.
You
could
build
up
the
cache
too
big
right,
like
you,
could
just
keep
putting
stuff
in
it
as
old
versions
of
build
packs.
That
happened
a
lot
in
our
previous
build
pack
implementations,
but
it's
also
like
that
feels
like
it's
the
build
tax
responsibility.
The
dangerous
thing
here
is:
this
is
like
a
a
weird
kind
of
cash.
C
That's
a
cache
that
also
ends
up
in
the
image
which
wasn't
like
how
buildpacks
used
to
work
and
and
can
affect.
You
know,
directly
affect
the
environment
that
the
image
executes
it
and
that
like,
because
it's
this
kind
of
hybrid
cache
realizing
that
made
me
go
like
whoa
this.
Could
this
could
lead
to
something
really
bad
and
unexpected
or
a
security
vulnerability.
You
know,
and
so
so
that's
why
I
kind
of
felt
strongly
like
it.
D
C
It's
true
and
launches
true,
but
when
builds
true
and
cache
is
true,
it
also
affects
the
build
time
environment,
unlike
in
the
previous,
build
pet
caches.
Just
like
here's,
an
empty
directory,
you
could
throw
as
much
stuff
in
here
yeah
it
could
get
really
big,
but
as
long
as
you're,
not
using
the
stuff
that
you
know
you
conglomerate
in
there,
it's
it's
not
so
bad,
but
in
this
case
it
actually
affects
path
and
led
library
path,
and
you
could
set
an
ld
preload
right.
You
could
do
some
really
nasty
stuff.
D
B
This
is
an
unrelated
question.
I
wasn't
sure
if
there
were
still
if
there
were
more
open
questions
on
the
opt-in,
caching,
but
an
unrelated
question
that
kind
of
came
up
in
a
early
discussion
today.
If
I
would
want
to,
let's
say,
have
a
change
to
the
rfc
process
where,
as
part
of
let's
say,
merging
in
an
rfc,
it
would
also
incorporate
opening
issues
in
the
fought
in
the
re,
like
the
relevant
repos.
Would
that
how?
What
would
be
the
best
way
of
doing
that?
B
A
A
C
I
had
actually
one
totally
unrelated
thing
that
I
forgot
to
put
on
the
schedule
this
time
so
on
another
list
ahead.
Does
anybody
have
thoughts
on
sorry?
Was
there
anything
else
on
the
agenda?
That's
appeared.
Am
I
talking
over
somebody
else's
thing?
No,
okay,
the
has
anybody
had
thoughts
on
image
signing
recently
or
looked
into.
We
need
to
have
it
had.
A
A
C
Again,
with
the
same
internal
head
on
I'm
getting
the
opposite
signal,
so
we
should
we
should
oh
we're
going
to
talk
talk
about,
but
I
think
from
from
different
perspectives,
we
have
a
lot
of
people
asking
for
image
signing
for
things
they
want
to
build
with
them
yep.
I
agree
the
I
think
the
big
thing
we're
blocked
on
is
making
a
decision
about
can't.
Should
we
use
notary
and
then
figuring
out.
Who
wants
to
to
do
that
work?
C
The
I
think
it
has
to
be
in
the
life
cycle.
That's
the
main.
The
the
hardest
part
is
it's
not
something
that
someone
could
go
out
and
build
on
their
own,
because
we
need
to
do
the
signing
unless
we're
going
to
pull
down
the
image
again,
which
kind
of
defeats
the
purpose
right
exactly.
We
need
that
we
need
to
do
the
signing
as
we
generate
the
manifest
in
life
cycles.
Exporter
phase.
A
Yeah
and
I'm
also
like,
if
we,
when
we
eventually
do
an
rfc
around,
that
I'd
like
to
see
an
rfc
written
with
an
abstraction
in
place
of
which
notary
is
a
single
instance
of
it
so
like
flag
to
pass
not
like
a
flag
that
says,
I
want
to
sign
this
image
but
a
flag
that
says
to
sign
this
image.
I
would
like
to
use
notary
yeah
right.
C
As
a
subset
of
notary
or
like
a
easier
amount
of
notary
to
use
for
images-
or
I
don't
know,
if
you
read
the
docker
content,
trust
website,
it
seemed
like
you
know.
Maybe
it
was
something
that
we
implement
just
that
that
workflow
and
I
don't
know
enough
about
it
to
say,
didn't
natalie
did
you
do,
or
I
thought
somebody
here
did
a
like
an
investigation
into
container
signing
at
some
point.
Maybe
I'm
confused,
though.
B
C
A
A
B
A
B
A
C
It's
very
complex
and
intended
to
solve
some
larger
problems,
and
then
signing
looks
like
oh.
This
would
be
a
great
use
case
for
this
much.
You
know
more
complex
way
of
sort
of
collecting
metadata
about
things
or
whatever
the
goals
of
tough
are,
but
the
you
know
didn't
end
up.
Looking
like
a
really
simple
put
a
signature
on
an
image,
go
validate
it
when
you
pull
it
type
thing.