►
From YouTube: Working Group: 2020-08-20
Description
* Stackpacks
A
A
B
B
All
right,
you
ready
to
talk
about
stack
packs.
Let's
make
all
the
decisions
before
stephen
gets
here.
C
C
B
C
A
A
B
I
think
some
of
the
things
we'll
talk
about
today,
the
the
challenges
that
this
for
me
just
I
don't
want
to
copy-paste
a
lot
of
code.
You
know
I
just
want
to
structure
it
so
that
it's
you
know
like
if
we're
reading
the
platform
directory
or
whatever
we're
doing
at
once,
the
same
way,
but
then
the
other
part
of,
and
that
part's
easy,
because
whatever
we'll
figure
that
out,
but
the
other
part
that
might
be
challenging
is,
I
think,
like
certainly
for
me
as
I'm
working
on
the
implementation
for
the
stackpacks.
B
B
A
Just
for
context,
I
guess
what
are
the
things
I
guess
backing
up
in
case
people
actually
watch
this
recording.
What
are
the?
A
A
A
B
Yeah,
so
the
first
one
is,
I
think,
stack
tamil,
it's
both
its
name
and
its
like
structure
or
if
it's
its
own
thing.
So
in
the
rfc
stack,
tumble
is
kind
of
like
an
analog
to
launch
tunnel,
and
it
does.
It
serves
two
purposes.
One
is
to
define
directories
and
files
that
are
always
restored,
even
if
the
base
image
changes.
B
And
then
the
other
thing
it
does
is
exclude
things
from
the
launch
or
the
launch
image.
So
you
might
have
like
you
know,
var
cache
or
whatever
so
steven,
I'm
not
married
to
my
proposal,
but
I
think
he
wants
to
change
some
things
with
it.
C
B
B
Or
there
could
be
like,
I
don't
know
what
to
call
it
like,
like
two
binaries,
like
root
builder
plus
builder,
like
one
of
the
proposals
stephen
had,
was
the
phase
actually
executes
two
binaries,
which
feels
like
it's
kind
of
a
sucky
contract
between
the
platform
and
the
life
cycle,
but
I
mean
I
guess
it's
easy
to
opt
out
of
stack
packs.
That
way.
B
The
other
was
like
extender
calls
builder.
So
you
still
have
two
binaries.
One
is
like
like
root
builder,
but
it
like
it
handles
the
stack
packs,
but
then
it
actually
calls
out
to
another
binary,
which
would
be
just
builder,
and
so
the
way
you
would
opt
out
of
stack
packs
is
by
not
calling
the
extender
builder.
C
A
C
D
A
C
B
B
Yep
I
was
doing
slash
just
because
I
well
actually,
no
that's
not
true,
I
was
gonna
say
because
it
felt
like
that's
what
would
be
expected,
but
maybe
like
home
slash
root
or
something
is
more
like.
What's
expected,
I
don't
know,
I
really
don't
know,
can
they
modify
the
bomb?
Can
they
add
layers?
Can
they
make
slices.
B
A
B
A
B
Like
understanding,
if
we
want
to
go
that
direction
with
these
things,
I
think
relates
to
the
question
about
stack,
tommel
and
launch
toml
like
if
we
think
there's
a
future
where
they
can
create
slices
process
types
modify
the
bomb.
Well,
that's
all
that
one's
a
little
bit
different,
but
that
that
would
like
lead
lead
us
towards
a
single
tamil
file
that
comes
out
of
the
build
process,
whether
it's
a
stack
pack
or
regular,
build
pack.
B
C
My
hot
take
is
that
it
should
just
just
use,
launch
tommle
instead
of
having
a
separate
file,
and
it
could
have
its
own
section,
that's
specific
to
this
type
of
bill
pack,
where
it
puts
things,
and
we
can
say
some
things
are
not
allowed
in
this
context
for
now,
but
it
make
it
easy
to
incorporate
other
features
later.
B
Yeah
me
too,
the
only
problem
is
launch,
as
a
name
feels
too
narrowly
scoped
in
that
case,
and
maybe
that
like
why?
Because
some
of
the
things
one
of
the
things
doesn't
have
anything
to
do
with
launch,
and
that
is
the
list
of
restored
directories.
B
So
the
like
the
app
package
indices.
Basically,
they
have
nothing
to
do
with
launch
and
you
need
a
place
to
define
those.
C
C
I
also
had
one
more
question,
which
was
in
buildpack.tamel:
we
were
using
privileged
bullying
to
decide
whether
this
was
a
stack
pack
or
a
regular
bill
pack,
and
I
was
wondering
if,
instead
of
doing
that,
we
wanted
to
have
something
more
like.
I
think
the
fact
that
stack
packs
have
to
be
privileged
feels
more
like
a
requirement
or
implementation
detail.
Then
it
feels
like
it's
the
point
of
the
stackpacks
in
some
ways
the
point
of
the
stackpacks
is
that
it's
making
only
abi
compatible
changes.
C
I
was
wondering
if
we
wanted
to
say
something
like
scope:
equals
stack
versus
scope,
app
to
make
this
distinction,
because
then
later
we
could
have
privileged.
C
C
B
Yeah,
I
don't
have
a
strong
feeling.
I
I
kind
of
was
using
privileged
as
a
placeholder
until
I
figured
it
out
and
then
everybody
just
seemed
to
be
okay
with
it.
So
I
kept
using
it,
but
I
don't
care.
A
I
I
like
the
scoping
thing
that
emily
suggested
privilege
always
rubbed
me
a
little
bit
the
wrong
way,
mostly
because
of
the
I
guess,
the
origin
where
stack
packs
came
from
of
like
we
want
to
probably
back
out
to
root,
build
packs,
eventually
right
as
a
feature
down
the
line
where
it
is
a
non-abi
compatible
change,
but
that's
like
a
totally
separate
mechanism
and
probably
want
to
discourage
its
use,
except
for
very
finite
use
cases
if
it
ever
comes
down
to
that.
C
A
Yeah
and
privilege
is
a
I
guess
like
if
you
we
always
talk
about
the
darkerisms
privilege
is
a
very
specific
darkerism
thing.
That
means
a
specific
thing,
so
I
think
that
makes
sense.
Welcome
stephen,
hey!
Sorry,.
D
At
least
at
least,
I
actually
showed
up
this
time,
though
the
I
don't
interrupt
if
you're.
A
Yeah
the
we
put
kind
of
we,
we
just
started
to
catch
you
up
listening
kind
of
the
open
questions
and
things
we
wanted
to
talk
about
in
the
meeting
today.
I
know,
there's
a
bunch
of
stuff
that
you
probably
have
opinions
and
input
on.
There
were.
D
C
A
A
C
Other
than
scope
moving
from
privilege
to
scope,
the
other
thing
we
discussed
briefly
was
stack,
tumble
versus
reusing
launch
and
build
tommle
with
special
keys
for
stackpacks.
Do
you
have
an
opinion
on
that.
B
So
the
stack
tunnel
in
my
poc,
which
I
think
you
saw,
does
two
things.
It
defines
the
files
and
directories
that
will
be
restored,
even
if
there's
a
new
base
image
so
like
app
package
indices,
and
then
it
also
defines
files
and
directories
that
will
be
excluded
from
the
launch
image
like
var
cash
or
whatever,
but
that
you
want
to
keep
for
performance
reasons,
so
stack
thomas,
probably
not
the
right
place
for
those.
I
just
did
that,
so
I
can
move
forward.
D
Bring
it
back
on
the
next
build
right
which
which
of
those
things
we
just
talked
about,
is
that
mechanism.
B
D
As
that
and
then
then,
what's
the
other
thing,
that's
like
the.
D
B
D
D
You
can
just
exclude
it
completely
because
it's
temp
files
or
you
can
make
sure
that
it
comes
back
on
the
next
you
know
like,
and
you
can
make
sure
that
it
comes
back
to
the
next
build
optionally,
right
and
so
for
app
packages.
You
say
I
don't
want
this
in
the
image,
because
you
don't
want
your
run
image
to
have
the
app
index
and
you
wanted
to
come
back
in
the
next
build.
So
you
do
exclude
paths
equals
var,
app,
something
and
then
cache
equals
true,
and
then
I
think
you're
golden
on
both
images.
C
In
some
ways,
what
we're
talking
about
is
kind
of
like
slices
right.
If
you
have
a
diff
that
your
bill
pack
created,
and
then
you
use
these
paths
to
slice
it,
then
you
have
multiple
layers
and
you
can
think
of
it
as
analogous
to
how
we
have
cache
launch
and
build
for
normal
errors,
except
the
build,
doesn't
make
sense
for
stack
packs
because
there's
no
explicit
exposing
and
whether
it's
launch,
true
or
false,
I
think,
isn't
something
the
build
pack
decides,
because
if
it
was
created
while
running
on
the
run
image
is
launched.
C
D
B
C
I
think
we
may
need
to
indicate
when
we
store
these
things
in
the
cache.
What.
C
I
guess
whether
it's
launch
true
or
build
true,
which
are
exclusive,
mutually
exclusive
in
this
case,
and
the
build
pack
wouldn't
be
actively
deciding
what
to
do
with
those
based
on
that
context.
But
we
need
to
know
so.
We
know
which
image
to
restore
it
to
later.
Right,
like
you,
basically
need
to
restore
on
the
run.
C
C
D
On
the
looking
through
the
rfc,
where
I
see
the
very
bottom,
you
have
stack
tomlin,
build.restores
and
run.excludes,
and
I
think
it
looks
like
you.
The
idea
was
to
split
the
runtime
version
of
that
with
the
build
time
version.
But
then,
then,
a
while
ago
there
was
like,
like
three
or
four
working
group
meetings
ago
we
talked
about.
D
D
C
C
Actually
we
always
get
to
this
level
of
detail
where
we
mostly
all
agree
on
what
we
need,
but
it's
hard
to
get
all
the
way
across
the
finish
line
without,
like
typing
an
example.
B
As
I
start
to
flesh
this
out
in
the
code,
there
will
be
some
unit
tests
that
help
illustrate
it.
I
don't
know
if
that's
real
enough,
but
I
think
they'll
be
pretty
contrived,
but
maybe
they
maybe
if
they,
if
we
replace
those
with
like
real
directories,
that
make
sense
in
the
context
of
like
apt
or
whatever.
C
We
think
because
this
one
feature
is
uniquely
complicated,
that
the
our
proof
of
concept
is
going
to
keep
feeding
back
on
the
rfc
for
changes.
I
guess
there's
like
a
meta
question
of
how
we
want
to
handle
that.
Do
we
just
want
to
keep
this
open
for
a
while
and
keep
working
on
it
and
edit
it
or
do
we
want
to
get
something
through
and
know
that
very
quickly,
we'll
have
another
rfc,
that's
like
superseding.
B
Yeah,
I
think
at
this
point
we
could
probably
say
stuff
goes
in
launch
toml,
which
will
be
defined
in
a
separate
rfc
and
then,
as
I'm
working
through
the
poc,
we
can,
or
I
can
write
the
rfc
for
the
launch
tunnel
changes.
D
So
you're,
going
to
just
help
me
understand:
you're
going
to
move
stack
tamil
to
launch
tomml
is
the
idea
and
where
does
where
does
launch
tunnel
is
how's?
It
how's
it
different
than
than
having
stack
tumble
with
an
excludes
and
paths
and
cache.
B
A
D
B
No,
we
can't
create
layers,
it
can't
create
layers,
but
we
will
pass
it
that
directory
to
which
it
can
write.
Files
like
like
one
of
the
cases
that
I
was
thinking
of-
and
this
is
because,
like
one
of
the
build
packs
I
was
using
did
this,
it
was
just
like
setting
up
some
files
and
directories
in
the
in
the
layers
directory
because
that's
just
what
it
did
and
then
my
builder
just
ignored
it,
because
it
was
a
stack
pack
and
I
feel,
like
that's,
actually
a
real
case.
B
We
should
consider
I'm
not
married
to
one
behavior
or
the
other,
but
I
I
kind
of
favor
like
yeah,
just
let
it
write
stuff
in
there
and
ignore
it
like,
if,
like
you,
can
imagine
if
you're
using
like
lib
build
pack
and
it
initializes
some
file
or
thing
like,
even
if
it's
just
like
it's
a
sandbox.
Just
let
it
do
that.
Don't
air.
D
A
Sure-
and
that
is
what
we
call.
B
Yeah,
well,
I
think
I
actually
think
layers
directory
is
a
misnomer,
like
the
layers
directory
is
actually
well.
It's
like
the
layers
directories,
which
are
probably
in
the
like,
build
packs,
sandbox
directory
or
whatever
we
call
it
like.
That's
where
it
launch
tunnel
goes.
That
is
it's
not
really
a
layers.
D
C
D
C
A
C
D
D
B
D
Each
of
the
build
packs
layers
directories
like
the
the
layer
for
each
the
directory
for
each
build
pack,
for
which
the
build
pack
puts
layers
in
contains
directories
that
could
turn
into
layers.
The
only
thing
that's
in
that
top
level,
slash
layers,
the
only
thing
that's
not
layers
is
some
configuration
files
that
sit
around
layers.
So
if
we
didn't
want
to
start,
oh
there's.
C
B
Let's
talk
about
the
life
cycle
phases,
because
I
think
this
is
important
to
my
poc
at
least
moving
it
forward.
The
way
I
the
way
I
have
it
structured
now
is
that
there's
one
builder
one
builder
binary
and
also
the
like
sort
of
the
library
part
of
it,
which
is
like
builder.go
at
the
top
level
and
they're
all
the
same
thing.
There's
the
same
entry
point.
B
It
just
accepts
a
group
tommle
and
a
stack
group
tunnel
that
the
binary
does,
and
then
it
runs
the
library
part
of
the
builder
twice
once
for
the
the
stack
packs
and
then
once
for
the
regular,
build
packs,
I'm
completely
open
to
changing
this,
I'm
just
trying
to
find
you
know
ways
to
not
copy
and
paste
a
bunch
of
code,
including
tests.
B
D
It's
not
not
exactly
that.
Can
I
give
a
little
bit
of
motivation
and
then
talk
about
what
whatever.
A
C
Which
is,
I
think,
some
of
these
conversations
have
been
driven
by
not
wanting
to
repeat
a
lot
of
code,
but
I
think
there
are
many
ways
to
avoid
repeating
a
lot
of
code
and
I'd
like
to
start
just
by
framing
the
conversation
on
what
interface
we
want.
And
then
we
can
talk
about
how
to
not
repeat
code
while
doing
that.
D
I
agree
completely:
I'm
separate
not
related
to
repeating
code,
I'm
I'm
worried
about
having
the
builder
logic
right,
the
the
thing
that
runs
unprivileged
and
the
container
runs
through
normal,
build
packs
like
as
we
extend
that
I
worry
about
applying
the
same
logic
in
the
on
the
run
image
during
build
time
when
you're
extending
the
run
image
and
just
running
stack,
packs
or
like
in
all
these
other
cases.
I
feel
like
it's
a
it.
It's
sort
of
built
to
do
this.
You
know
running
normal,
build
packs
in
a
row
thing.
D
You
know,
you
know
against
that
contract
right
and
it's
it's
nice
that
you
can.
You
know
always
run
it
as
an
unprivileged
user
and
expect
it
to
you
know,
write
all
the
files
with
the
right
permissions.
You
know
all
that,
so
what
I
propose
is
have
it
another
binary.
That's
the
stackpack
binary
that
runs
privileged
right.
D
That,
in
the
during
the
build
phase,
runs
the
stackpacks
with
the
stackpack
contract
first,
and
then
it
actually
executes
the
unprivileged
builder
as
a
normal
user
and
does
the
rest
of
the
build
packs
using
the
normal
builder
logic.
If
a
platform
doesn't
want
to
support,
stack
packs
and
wants
to
do
a
maximally,
secure
configuration
or
the
build
image
always
runs
unprivileged
like
kpac.
D
It
could
just
execute
the
builder
and
not
execute
the
root
builder,
but
if
there
are
stack
packs,
the
platform
can
execute
the
route
builder,
which
executes
through
playbacks
and
then
executes
the
builder.
Then,
on
the
run
image
you
could
have
either
a
flag
to
that
privileged
binary
or
a
different
binary.
That
does
the
extension
of
the
run
image
running
the
stack
packs
on
the
run
image
and
that's
the
without
talking
about
the
code.
That's
the
high
level
kind
of
like
architecture
that
I
think
would
feels
most
secure
and
keeps
the
best
separation
between.
C
D
B
C
It
drops
the
privileges
just
like
we
do
when
we
run
creator,
so
you
could
either
run
builder
not
as
root,
in
which
case,
if
you
passed
it
stack,
build
packs
you'd,
be
like
no
sorry.
I
can't
do
that
or
you
run
it
as
root
and
it
does
the
stack
bill,
packs
and
drops
privileges
and
then
does
its
normal
thing.
D
D
D
C
D
It
feels
I'm
not
super
strongly
opinionated
if
there's
still
a
way
to
run
this
one
builder
right
as
a
normal
user
and
then
have
it,
skip
the
stack
packs
and
then
run
the
normal
builder
logic.
I
think
I'm
okay
with
that,
but
it
it
feels
simpler
if,
in
the
case,
where
you're
not
using
stack
packs,
the
platform
can
execute
something.
That's
just
the
normal,
build
pack
runner
and
not
have
to
worry
about
what
that
logic
looks
like.
C
B
B
If
you
don't
give
the
stack
group
tommle
so
like
you
can
run
that
that
same
binary
with
or
without
privileges,.
B
I
feel
like
the
separation
you're,
describing
stephen
feels
like
like
a
what
do
you
call
that
not
like
a
security
thing
but
like
a
trust
thing,
and
that,
like
this,
ensures
that
we
will
not
accidentally
run
something
as
root
that
you
didn't
mean
to,
but
I
feel
like.
D
Yeah,
it's
definitely
terence
has
a
comment
too.
D
Way,
I
don't
feel
super
strongly
about.
Well,
I
think
I
I
lean
towards
liking
the
process,
separation
right
and
keeping
keeping
the
whole
builder
binary.
As
you
know,
strictly
you
know,
even
just
for
internal
factoring
reasons.
You
know,
sort
of
strictly
separate
from
the
thing
that
runs
stack,
packs,
so
platforms
can
choose
to.
You
know,
never
have
to
deal
with
that
code
path
if
they
want
to,
but
I
could
like
I'm
not
going
to
block
the
pr
on
it
as
long
as
the
internal
factoring
of
the
builder
itself.
D
D
What's
the
reason
we
have
to
in
both
scenarios
it's
sort
of
assumed
that
it's
a
single
it's
either
a
process
and
a
child
process?
Why
can't
it
be
a
separate
phase?
I
guess
I'm
missing
where
the.
B
Oh,
the
yeah,
the
separate
phase
would
require
a
separate
container
and
then
you
would
lose.
There
would
be
no
way
to
carry
forward
the
changes
that
you
made
to
the
to
the
image
during
the
stackpacks
phase.
Unless
you
also
gave
privileges
to
the
next
phase,
so
you'd
be
you'd,
be
in
trouble
there.
You
know,
you
know
what
I'm
saying
like.
If
you.
A
B
C
B
C
B
That
was
more
like
it
was
just
really
easy
to
do
it.
That
way,
because
there's
like
two
lines,
different
and
or
maybe
maybe
a
little
bit
more
than
that,
but
like
how
it
loops
over
the
build
packs
and
how
it
sets
up
the
cmd
to
execute.
And
all
that
was
exactly
the
same.
So
yeah
like,
like
you,
said,
there's
other
ways
to
accomplish
what
I
don't
want
is.
A
C
D
I'm
yeah
I'm
worried
about,
like
we
put
some
logic
in
either
the
privilege
builder
or
the
unprivileged
builder,
and
just
just
just
purely
as
like
a
as
a
potential
for
introducing
bugs
it.
It
applies
in
you
know
one
case
in
other
case
without
us,
without
sort
of
clean
separation
between
the
two,
but
as
long
as
there's,
you
know
really
sufficient
separation
at
the
library
level,
then
I'm
not
going
to
block
if
emily.
D
If
you
feel
strongly
that
it
really
should
it's
too
complicated
to
have
an
interface
where
you
know
the
platform
decides
what
binary
to
invoke,
then
I
I
I
think
I'll.
I'm
I'm
definitely
willing
to
compromise
on
it
being
one
binary,
but
if
you
have
information
on
how
we're
we're
like,
I
know
we're
talking,
this
is
easier
for
the
privilege.
B
D
B
So,
let's
make
builder
exactly
like
creator
where
you
get
you
can
do
it
either
way
like
there's
a
builder,
you
know
like
a
top-level
builder
and
that's
sort
of
the
one.
That
is
the
default
that
you
go
to
and
it
just
does
everything,
but
we
can
generate
two
other
binaries
that
are
like
root
builder
and
or
like
privilege,
builder
and
unprivileged
builder,
or
something
like
that.
A
D
Make
it
have
have
always,
essentially
you
could
you
could
make
one
that
that
does
this
runs
this
yeah?
I
don't,
I
think,
that's
I
still,
although
not
very
strongly.
You
know
what
like
the
separate
binding
areas
that
do
one
feels
very
unixy.
I
guess
I
have
separate
binaries
that
just
do
exactly
one
thing,
but
that,
if
you
know
it
would
make
me
feel
better
if
there
was
a
binary
that
could
just
be
the
builder
and
then
a
binary
that
did
the
root
thing
and
then
without
having
to
invoke
the
other
binary.
D
It
could
also
execute
the
same
logic
as
in
that
builder,
that
that
feels
better
than
not
having
that
other
binary
that
doesn't
have
the
other
stuff
as
an
option
at
all.
Right,
but
again,
not
not
super
strongly
opinionated
at
this
point,
as
long
as
there's
really
clean
separation
at
the
library
level,.
C
D
I
think
there
are
some
usability
concerns
right
with
like
now.
You
can
write
everywhere,
but
if
you
ignore,
if
you
ignore
that
and
just
focus
on
the
security
thing,
there
are
some
in
container
exploits
that
are
easier
if
your
local
root
right,
especially
if
you
don't,
if
you're,
not
mapping,
I
mean,
if
you're
mapping
in
container
route
to
another
user,
then
it's
it's.
D
You
know
not
so
bad,
but
there
are
capabilities
that,
if
you
accidentally
grant
to
the
container,
you
can't
do
much
with
if
you're
a
normal
user,
but
you
can
do
you
know
if
you
have
net
admin
right,
you
can
do
some
pretty
crazy
things
with
this
route.
It's
it's.
Definitely
if
every
other,
you
know
thing
is
set
up
perfectly
great
right:
it's
not
a
problem
and
many
docker
file
builds.
D
You
know
conoco,
I
think,
executes
his
root
right
in
the
container,
so
we're
definitely
being
very
paranoid
about
it,
but
the
you
know
I
given
that
this
is
sort
of
a
thing
we're
designing
for
really
large
platforms
to
run
lots
of
untrusted
code.
Where
you
know
every
third
build
pack
is
a
cryptocurrency
miner
right.
The
I
want
to
be
very
careful
about
not
having
any
privileges
in
places
where
we
don't
need
them.
If
that
makes
sense,.
B
I'm
going
to
keep
doing
that
in
the
proof
of
concept,
and
then
I
think
we
can
dig
into
it
in
the
code.
You
know
like
take
a
look
at
like
once
like.
I
definitely
need
to
make
the
library
separation
and
then
take
a
look.
We'll
take
a
look
at
what
the
binary
looks
like
I'll.
I
might
actually
push
up
a
layer
from
where
it
is
so
that
it
is
very
much
like
creator
and
then
we'll
just
see
if
that
you
know
meets
your
expectations
or
your
makes.
You
happy.
D
Never
mind
that
sounds
good.
I
I
think
I
I'm
really
interested
to
see
what
it
looks
like
when
they're,
when
it's
sort
of
they
have
a
separate
root,
build
pack
builder.
You
know
in
the
library
and
then
you
know
you
have
a
binary
that
invokes
that
separately
and
then
then
drops.
A
D
D
So
I'm
willing
to
compromise
on
this.
I
don't
want
to
lose
any
functionality
we
have
already
as
part
of
the
rfc,
like
my
intent
here,
isn't
completely
refactor
mix-ins.
It's
get
it
to
a
point
where
you
can
use
it
with
stack
packs
with
with
application,
make
sense.
C
The
delta
of
changes
on
the
run
image
should
be
exactly
the
same
as
if
just
mix
and
name
was
on
the
run
image.
I
think
we
use
it
to
sometimes
mean
a
slightly
different
set
of
changes
that
don't
correspond
to
a
paired
set
on
build,
or
something
like
that.
I
feel
like.
If
you
want
a
slightly
different
set
of
changes,
you
should
just
have
to
have
a
different
name
for
it
and
therefore
run
colon
name
should
describe
the
same
thing.
Name
does
in
the
context
of
a
single
image.
D
Okay,
how
about
I
say
done:
let's
do
that.
I
think
it
makes
the
mixing
contract
a
lot
less
powerful,
but
I
don't
have
good
use
cases
for
those
the
first
first
like
threat
in
rfc.
It.
C
D
C
D
There
are
some
weird
cases
like
I'm
going
to
give
you
an
example,
but
I'm
not
pushing
back
on
that
change
like.
Let's
just
do
that,
because
I
think
in
the
case
of
ubuntu
packages,
it's
not
going
to
matter
that
much
because
a
package
name
literally
means
install
this
package,
but
there
are
some
cases
like
you
know
you
mentioned.
Well,
if
you
want
the
dev
package,
you
just
get
the
dev
package.
D
If
you
want
the
not
dev
package,
you
get
the
not
that
package,
but
the
dev
package
actually
installs
the
not
dev
package
right,
and
so
you
having
the
dev
packages
build
only
and
having
the
regular
packages
not
build.
Only
you
know,
you'd
see
those
on
the
images
and
the
regular
package
would
imply
the
contract
across
the
stack.
So
it's
not.
D
There
are
some
cases
where,
like
it's
convenient
to
be
able
to
say
you
know
this
mix
and
represents
the
run
portion
of
this,
with
no
expectation
that
it's
not
in
the
build
portion,
but
in
the
context
of
a
stack
pack
receiving
the
mix
in
names,
which
is
the
only
place
this
matters,
it's
it's
not
going
to
matter.
If
we're
going
to
package
this
because
in
the
end
stackpack
just
needs
to
it's
already
on
that
image,
it
just
needs
to
install
the
package
because
we
don't
have
a
wide
use
of
mix-ins
outside
of
packages.
C
What
you're
saying
about
certain
things
implying
requirements
of
the
other
image
is
still
true,
and
I'm
not
arguing
with
that.
I
just
don't
think
that
the
name
should
describe
a
different
set
of
changes
within
a
the
run
context
or
a
build
con
or
a
build
context.
It's
like
the
difference.
It
can
mean
different
things
in
build
than
it
means
in
run,
but
I
think
run
colon
on
a
run
image
shouldn't
mean
something
different
than
the
name
on
a
run
image.
D
Okay,
and
that
means
that
stackpacks
receive
unprefixed
information
and
okay,
I
will
make
the
change
to
the
rfc
this
week.
The
next
discussion
is
what
I
was
more
worried
about,
or
the
thread
under
that
we
had,
which
is
in
the
stack
definition.
We
still
need
the
prefixes
in
order
to
imply
the
contract
between
the
stacks,
and
I
thought
you
were
saying
you
wanted
to
drop
that
and
that's
that's
the
thing
I
was
most
worried
about,
because
that'd
be
a
really
big
breaking
change.
C
On
the
fence
about
dropping
that,
I
feel
like
yes,
if
a
certain
package
exists
on
the
build
image,
there
are
things
that
can
be
built
on
that
image
that
then
put
requirements
in
order
for
them
to
run
successfully.
On
the
run
image
like
I
agree
with
you
that
there
is
a
contract
between
the
between
the
images
when
you
have
a
particular
mix
in,
I
guess
my
question
was:
does
that
contract
matter?
If
none
of,
if
the
mix-in
isn't
used
by
any
build
packs
like?
D
D
You
can
implement
exactly
the
api
you
want,
which
is
it
just
doesn't
matter
at
all
right
with
the
and
this
the
first
change
we
talked
about
will
allow
that
where
it
wasn't
allowed
before,
because
the
mixins
didn't
I
mean
the
rfc
in
general
will
allow
that,
because
having
build
colon
package
name
and
run
colon
package
name
on,
the
different
images
now
satisfies
just
package
name
coming
from
the
build
pack,
and
so
I
think
if
we,
if
we
just
relax
that
first
restriction
you
talked
about,
then
we
have
all
the
functionality
and
you
can
still
apply
a
contract
between
the
images
if
you
want
to,
but
it's
totally
optional.
C
In
the
case
you're
talking
about
where
an
app
needs
image
magic,
there's
a
mixing
requirement
that
nobody
has
expressed
right.
So
you
could
try
to
build
that
on
a
build
image
that
doesn't
have
image
magic
and
you
won't
find
out
until
it
fails.
But
what
you're
saying
is,
if
it
succeeds,
it
should
keep
succeeding.
D
The
user
has
the
user
has
decided
to
use
that
mix
in
by
selecting
a
stack
image
that
has
it
or
or
eventually
you
could
say,
the
user
could
just
put
something
in
project
tamil
that
gets
sent
to
the
mixon's
requirement
and
then
the
mixing
gets
installed
automatically
right.
But
I
don't
think
that's
always
the.
C
A
D
Awesome
perfect,
so
then
joe,
I
think
we're
unblocked
on
the
mixer
interface
and
stackpacks
can
just
receive
unstaged
specified.
Unstaged
specified
is
kind
of
key
here
for
your
your
rfc
package
names
and
just
wrap
them
straight
to
appgate
install,
and
it
should
should
be
really
clean.
B
Yeah
that
sounds
great,
I'm
gonna
have
to
drop
the
only
two
things
that
we
didn't
get
to.
Actually,
I
think,
are,
can
stack
packs
right
to
the
bomb
and
what's
the
working
directory-
and
I
don't,
I
think
they
should
be
able
to
modify
the
bomb,
but
I
don't
care
about
the
working
directory.
D
A
C
D
B
Okay,
I
don't,
I
don't
think
the
most
secure
teams
would
differentiate
all
right,
so
I'll
update
the
rc
with
this
and
then
I'll
keep
working
on
the
poc
cool.