►
From YouTube: OCI Weekly Discussion - 2023-05-04
B
I
appreciate
that
just
I
did
update
my
PR.
C
B
Yeah
I
think
the
the
Highlight
for
you
to
read
is
on
the
considerations.
I
added
a
couple
examples
of
types
of
the
implementations
make
it
a
little
clearer,
I,
think
and
then
I
also
relaxed
on
line
seven
of
considerations.
The
must
not
to
a
should
not
okay,
because
I
think
third-party
implementations,
runtimes
and
whatnot
might
want
to
generate
errors
on
unknown
properties,
and
it's
not
our
sort
of
place
to
decide
their
compatibility.
Promise.
A
And
I
think
might.
D
A
A
I
was
just
looking
at
some
auras
code
today
because
of
yeah
the
issue
408
got
through
on
the
agenda
third
item
down
there
that
actually
came
from
ACR.
A
A
A
A
E
A
Yeah,
okay,
just
through
the
issue
out
there
today,
someone
opened
an
issue
up
on
my
own
code
and
I
was
looking
at
saying.
Well,
why
am
I
not
Parsons
thing
that
looked
I
was
like
oh
so
I'm
looking
through
and
saw
that
you
were
actually
parsing
it
with
the
mime
type
stuff
and
go
and
I'm
like
that's
pretty
good
with
some
other
people,
and
other
people
are
not
thinking.
Okay,
this
is
gonna.
E
A
A
So
I
I'll
drop
that
out
there
to
say
which
way
do
we
want
to
go
and
then
once
we
figure
out
what
we
want
to
do
we'll
go
ahead
and
open
up
a
PR,
so
it
might
be
a
light
group
today
I'll
go
ahead
and
do
a
screen
share
that
way.
We
can
be
on
the
same
page
of
this
stuff.
First
I'm
going
to
type
my
name
in
because
if
I
don't
do
that,
I
promote
sure
and
I'm
just
worse
and
new
keyboard
today
or
relatively
new
to
me,.
C
A
A
A
But
it's
one
of
those
where
I
should
probably
have
something
that
is
very.
What
is
it
tolerant
of
whatever
happens?
Upstream
but
whatever
have
substream
might
want
to
be
a
little
bit
more
conservative
and
what
it
outputs
one
of
those
one
of
those
scenarios.
A
So
yeah,
let's
see
here's
the
first
on
the
list
here.
1050,
which
is
just
saying,
hey,
send
first
stuff
we're
doing
it
wrong.
So
I
know
we
were
back
and
forth
in
the
chat,
but
I
just
wanted
to
bring
this
one
up.
Saying
hey.
We
should
probably
change
word
one
here
and
it's
a
one
character.
Change
minus
to
a
plus
I
figured
those
the
easiest
kind
of
changes
all
as
in
documentation.
It's
not
even
in
code.
A
A
A
I
think
the
reason
not
to
follow
Dash
Dev,
which
is
what
we're
currently
doing,
is
that
it
sorts
it
wrong.
Aquarius,
Ember,
plus
Dev,
is
a
little
less
common
I've
seen
that
to
show
up
as
equal.
What
were
you
saying
right
there?
If
you
say
whatever
Plus
debit
shows
up,
as
you
know,
equivalent,
but
that's
less
incorrect
than
what
we're
doing
now,
which
is
my
estab,
which
implies
that
it
is
before
the
1.0
release
and
we're
saying
this
is
minus
1.1.
rc3.
A
A
E
I,
remember
I,
don't
know,
I
mean
in
the
tag
tag,
overloaded
tag
per
se
like
the
distribution
tag,
so
in
Helm,
when
we,
when
we
had
this
discussion,
how
Muses
plus
us
very
very
explicitly
all
over
the
place,
and
so
when
we
try
to
convert
the
helm,
Sim
War
to
like
a
like
a
repo
tag,
equal
and
it
blew
up
all
over
the
place
and
we
needed
some
canonicalization
magic.
It
doesn't
matter
that
we
go
down
that
route
or
should
we
just
not
worry
about
the
two
together.
A
C
A
B
I
think
even
in
square
brackets,
don't
you
have
to
escape
the
dot
or
maybe
I'm
misremembering?
Maybe
that's.
It
might
also
be
implementation.
Specific.
A
And
this
is
something
saying
to
look
at
this
character
worth
checking.
E
A
Cool
is
there
anybody
that
would
tag
something
with
our
current
Dev
tag
and
not
call
just
like
Edge
or
something
like
that
on
their
side,
and
this
isn't
even
a
tag
on
our
side.
This
is
just
a
version
within
our
code.
F
A
B
Yeah
I
think
this
just
brings
the
pr
in
line
with
your
comments
and
clarifies
the
distinction
between
application,
implementations
that
are
storing
and
copying
content
versus
implications
that
are
processing
and
I've
clarified
as
well.
You
know,
registry
distribution,
spec
implementations
are
the
former
runtime
runtime
spec
implementations
are
the
latter
and
that
the
latter
has
slightly
different
sort
of
constraints
than
the
former,
and
we
don't
want
proxies,
for
example,
to
modify
media
types
when
they
they
receive
a
media
type.
B
Even
if
it's
unknown,
they
should
keep
it
exactly
as
it
is
in
order
to
preserve
compatibility.
B
And
the
line
45
right
next
to
your
cursor,
it's
sort
of
a
safeguard
regarding
some
of
the
intentions
I
raised
around
999.
Is
we
started
having
non-json,
for
example,
media
types
in
the
config
field?
They
might
reference
things
that
aren't
really
valid.
Parse
objects
for
a
given
implementation,
and
so
if
an
inflation
finds
an
unexpected
media
type,
it
should
not
try
to
run
it
through.
You
know,
potentially
memory
unsafe,
parser
or
anything
like
that.
Just
treat
it
as
an
opaque
blob.
If
you
don't
understand
what
this
thing
is.
A
E
A
B
Think
there
might
be
some
language.
That's
actually
an
interesting
point
around
not
rejecting
unknown
artifact
types
that
maybe
I
need
to
add
back
in
I
had
to
rebase
this
PR
on
top
of
yours,
so
I
might
have
to
go
back
and
and
check
to
see
if
I've
flagged
that,
because
I
think
you're
right
for
config
media
type,
I'm,
definitely,
okay,
with
maintaining
sort
of
the
the
current
sort
of
oci
1.0
restrictions
and
just
like
encouraging
invitations
not
to
parse
unknown
contact.
We
could
definitely
relax
that
45.
A
A
B
On
line
34
I
think
I've
got
the
language
I
want
actually,
which
is
that
implementation,
storing
or
copying
manifests
so
like
Registries,
should
not
err
on
unknown
artifacts.
B
Just
artifacts
so
yeah.
A
I
mean
a
registry
could
easily
say
it's
a
scratch.
Me
you
type
on
the
config,
manifest
on
a
config
descriptor
I'm
not
going
to
allow
anything.
That's
got
scratch.
Could.
B
The
case
the
restriction
on
line
47
is
already
the
case
only
for,
for
example,
wasm
runtimes
aren't
going
to
support
image,
config
necessarily
right.
B
A
A
lot
of
this
was
written
with
the
assumption
that
we've
got
Registries
and
runtimes,
and
we
didn't
think
that
there
were
going
to
be
anything
else
showing
up.
So
this
was
written
before
we
got
to
this
kind
of
chaos,
and
it
might
mean
that
there
needs
to
be
some
more
tuning
to
take
it
to
take
into
consideration
all
those
other
users.
B
A
I
get
the
feeling
that
the
whole
point
of
47
and
49
there
is.
The
list
was
probably
geared
more
toward
run
times
of
saying
anybody.
There's
no
CI
runtime
needs
to
support
at
least
this
one
config
and
leaving
it
open
in
the
future
that
someone
could
have
some
kind
of
lesson,
specific
config
or
something
some
other
kind
of
runtime.
B
I
do
know
that
some
implementations
are
going
to
go
down
the
path
of
having
possibly
both
an
artifact
type
and
their
own
config
descriptor.
So
perhaps
The
Language
online
34
could
just
be
copied
down
into
the
config
media
type
as
well.
Is
that
if
you're
just
involved
in
storing
and
copying
image
manifests
that
you
should
accept
Singularity
configs
as
well
as
Helm,
configs
and
others.
A
E
A
End
user
I,
like
it
right.
B
I
guess
we're
operating
in
the
sort
of
gray
area
where
we'll
say
that
we're
concerned
about
something
that
Registries
might
not
accept.
Is
there
a
feedback
mechanism
I
mean
sort
of
what
one
more
aggressive
action
would
be.
You
know,
take
the
make
these
changes,
merge
them
and
then
wait
for
feedback,
but
is
there
another
feedback
mechanism,
that's
sort
of
a
softer
touch
to
say
how
do
you
feel
about
this
language
or
how
can
we
resolve
impasses
when
we're
worried
about
something
that
might
be
in
the
hypothetical.
E
Are
we
crossing
the
boundary
that
every
registry
should
accept
everything
in
the
sense
that
is
there
a
possibility
that
certain
media
type,
aversions
or
certain
kinds
of
artifact
types
are
going
to
be
proprietary
and
not
something
that
certain
providers
want
to
accept?
Do
we
have
provisions
of
that
in
here?
The
moment
we
say
it
shouldn't?
It
must
accept
everything.
E
Then
we
kind
of
cross
over
this
as
and
non-compliant
implementation
and
there's
no
opportunity
for
operators
to
decide
what
they
can
store
or
what
they
can't
store
like,
like
I,
said
yeah
I'm,
I'm,
leaning
towards
it's,
it's
possibly
better
to
make
sure
that
everything
can
be
stored.
But
it
also
warrants
like
say,
for
example:
Singularity.
Is
that
a
type
that
every
operator
wants
to
store
right.
B
So
I
think
I've
tried
to
be
very
careful
and
say
it
unknown,
media
types.
So
if
a
operator
chooses
to
reject
Singularity
or
a
proprietary
media
type,
for
example,
they
that
is
known-
and
so
they
can
load
or
Implement
that
exception.
But
the
idea
is
in
order
to
make
registry
oci
1.1
a
meaningful
Baseline
for
the
applications
regarding
artifacts,
both
for
Helm
and
Singularity,
but
also
as
bombs
and
the
stations
and
the
like
is.
B
E
E
D
A
B
G
G
That
is
I,
don't
know,
I,
guess
I'm
struggling
to
see
why
we
have
to
say
they
have
to
support
everything.
But
if
you
wanted
to
run
a
free
registry
just
for
you
know,
Helm
charts,
maybe
you
would
want
to
have
a
registry
that
blocks
everything
else.
G
A
Yeah
I
think
why,
at
one
point
was
filtering
on
the
configure
type
I
get
the
impression
they
stopped,
though
I
haven't
checked
it
lately.
I
think
it
lab
is
the
only
other
one
I
know
of
off
top
of
my
head.
That
is
filtering.
It.
B
G
B
Github
has
also
made
movements
in
the
supply
chain.
Security,
space
and
I'd
be
curious,
with
sort
of
the
changing
landscape
there
and
they
revise
their
own
internal
guidance.
G
Yeah
I
think
our
concern
has
always
been
about.
You
know,
fields
that
have
no
no
limits
or
restrictions
or
unknown
Fields
entirely
right,
like
an
artifact
type,
has
to
we
can.
We
can
put
it
through
a
regex
and
we
can
make
sure
it's
a
media
type
and
it
can
be
a
certain
max
length
and-
and
so
at
that
point
it's
easy
to
say,
yeah.
Let's
accept
anything
that
matches
that.
A
B
Yeah,
so
it
depends.
B
Think
it's
worthwhile
to
sort
of
push
on
this
and
see
if,
if
Registries
pushed
back
and
I,
think
it
will
result
in
a
richer
ecosystem.
A
Yeah
and
I
certainly
get
where
you're
trying
to
go
with
that
when
I'm
I
was
putting
it
out
there
of.
If
you
want
this
approved
quick,
then,
as
is
right
now,
it
was
probably
easier.
If
you
want
this
approved
with
that
change
and
solving
the
hard
problem,
then
you
know
take
a
little
bit
of
time
to
solve
the
art
problem
and
we're
notorious
for
everything.
Taking
a
long
time.
A
Well,
I
also
see
Ron
Kumar
in
the
chat,
mentioning
that
whitelist
and
Blacklist
could
be
more
of
a
registry,
specific
policy,
and
so
different
red
trees
would
have
different
opinions
on
that.
One.
B
I
think
I
could
just
share
my
screen
really
quick
sounds
like
we
just
want
to
potentially
tweak
a
few
lines
here
under
the
config
media
type.
I
just
wanted
to
run
the
spider.
Real,
quick
and
I
can
then
make
a
commit
and
save
extra
round
trip.
Latency.
B
I
guess
it
would
be,
this
would
be
the
line
copied
effectively
from
the
artifact
type.
B
And
only
on
only
imposing
the
requirement
on
drawing
and
copying
implementations,
and
then
it
sounds
like
we
might
want
to,
and
this
one
I
think
maybe
should
be
just
pulled
out
into
a
separate
PR.
Is
this
language
is
very
specific,
as
you
said,
to
run
times
and
I'm,
not
sure
how
we
want
to
handle
that.
B
I
can
just
add
this
line
then,
and
I
commit
and
I
think
we'll
need
to
think
about
this.
But
maybe
it's
not
an
issue
for
now
is
if
it's
an
unknown
media
type,
then
it's
unknown
and
it
will
would
be
accepted.
I
guess
under
the
rules
is
written
and
it
would
just
be
the
hypothetical
of
a
registry
that
only
accepts
Helm,
charts.
I
guess
would
violate
the
rule
because
it
would
not
accept
image.
C
B
Okay,
I'm
gonna
add
just
this
single
line,
then
in
a
additional
commit.
A
Sounds
good,
I
I
know,
it'll,
probably
start
some
back
and
forth,
but
it
might
be
worth
seeing
if
we
can
find
somebody
on
the
gitlab
side
to
reach
out
to
and
I
just
pick
on
them
because
they're,
the
ones
I
know
they're
doing
this
I
don't
think
Docker
Hub
is
doing
it
at
all
anymore,
so
I'm
trying
to
think
of
who
else
might
be
interested
in
filtering
that
big
media
type.
A
All
right
other
things
on
the
agenda
today,
going
on
the
third
item
now
was
the
content
type
I've
seen
this
from
at
least
one
registry.
A
I
was
naming
names
earlier,
so
I'm
not
calling
blame,
but
I
saw
this
on
ACR
when
I
was
looking
at
the
reefers
API
response,
so
I've
updated
my
code
to
handle
it,
but
it
is
specifically
this
little
bit
of
extra
code
at
the
end
that
says:
hey
I've
got
UT
updata
here,
which
is
following
the
RFC,
but
in
our
stuff
in
our
spec
is
saying:
hey
it's,
it
should
just
be
the
media
type,
and
my
question
is:
should
we
go
ahead
and
include
that
follow
the
RC
and
do
everything
or
and
that
the
media
type
is
just
the
base
me
you
type
in
there
what's
with
the
RCA
says,
is
how
you
parse
it
and
it's.
A
A
F
If
you
make
it
more,
restrict,
do
you
if
you've
made
us,
do
you
also
have
to
recommend
or
or
require
a
specific
character
set
encoding
like
do
we
have
to
then
choose?
It
must
be
a
utf-8
if
you
can't
provide
what
happens
if
someone
tries
to
use
something
else,.
B
On
page,
seven
at
the
bottom,
all
better
fields
to
find
in
RFC
allow
comments,
in
parentheses,.
B
It
says
there's
a
there,
it
is
mine
version
and
it
says
that
all
Fields,
including
content
type
in
the
paragraph
above
subject
to
the
rules
and
can
include
comments
so.
E
B
E
A
A
A
A
A
If
we
omit
the
content
link
on
a
blob
upload,
then
that's
allowed
in
the
original
registry
spec,
but
not
in
the
oci
spec.
And
so
this
was
changing
out
to
say
that
when
you
do
a
blob
chunk
upload
without
a
size
on
there
that
that's
okay,.
A
And
the
reason
I'm
willing
to
go
with
that
is
I
suspect.
What's
happening,
is
dock
or
does
their
upload
as
a
single
chunk,
they
say
give
me
a
chunk
upload,
push
a
single
chunk
and
then
send
the
digest
to
the
end
of
the
follow-up
request,
and
so
my
assumption
there
is
that
in
that
one,
big
single
chunk
that
they're
just
sending
everything
streaming
it
the
compression
of
the
layer
and
whatnot
on
the
Fly,
and
so
they
don't
know
the
length
in
advance.
B
I'm
inclined
to
agree
I
think
that,
when
trying
to
write
streaming
proxies
that
don't
have
to
buffer
an
entire
payloaded
memory,
you
definitely
want
to
be
able
to.
A
E
A
A
A
This
is
one
that
IBM
Mike
Brown.
You
and
I
have
going
back
and
forth
on
this
one
a
couple
times
which
is
when
we're
talking
about
registry
versus
repository,
the
terminology
in
there
I
think
there's
been
a
lot
of
back
and
forth
of
saying
one.
That
was
just
too
long
for
me.
Sorry,
Mike,
that's
just
too
long.
I
can't
do
it,
but
overall
in
here
I
think,
there's
a
back
and
forth
of
whether
or
not
the
specs
should
say
that
a
lot
of
this
stuff
is
in
a
specific.
A
Oh
man,
TNR
is
find
all
kinds
of
crazy
things
manifest
and
valid
tianan.
Where
did
you
try?
Oh,
that
was
Docker.
Okay,
Docker
doesn't
like
it
oh
buddy
for
folks
that
aren't
seeing
the
chat.
Doing
the
crazy
mixed
case
of
a
media
type
does
get
you
a
rejection
on
upload
to
your
Docker
hub.
A
All
right
back
to
registry
versus
repository,
although
I
kind
of
want
to
go
back
to
that
one
now
registry
versus
repository,
the
challenge
that
I'm
faced
on
this
one
is
trying
to
be
flexible
for
people
that
want
to
make
Registries
do
all
kinds
of
new
and
different
things,
and
just
have
a
single
blob
sort
for
everything
and
slice
and
dice
that
across
multiple
repositories
and
not
have
to
have
you
upload
multiple
times
and
knowing
that
we've
gotten
there
right
now
is
things
like
doing
a
cross
repository
blob
Mount
to
get
the
block
from
one
to
the
other
and
for
most
of
the
Registries.
A
If
you
try
to
do
an
upload
and
your
blob
was
in
a
different
repository,
it's
just
going
to
say
that's
not
going
to
blob
to
your
repository,
and
so
a
lot
of
these
apis
are
scoped
to
an
individual
repository
for
all
the
different
blobs
within
a
manifest,
and
some
I
was
trying
to
clarify
that
in
here
and
I
think
what
I
ran
into
is
people
saying?
Well,
you
can't
necessarily
say
that,
and
yet
we
get
users
coming
to
us.
Saying
hey
I
tried
to
do
a
lot
of
stuff
on
the
Spectrum.
A
A
It's
been
so
long
style
for
this
one,
but
the
reasons
came
up
was
there
was
a
question
on
garbage
collection
to
which
I
was
trying
to
be
good
of
saying
we
don't
touch
garbage
collection
and
at
some
point
in
their
there
was
a
question
of
whether
or
not
things
are
allowed
to
go
across
and
so
I
was
yeah
references
or
specific
repository
I.
Don't
think
we
say
that
references,
our
specific
repository
in
our
spec
right
now.
A
D
Authentication
and
redirection
like
Sanjay
is
the
you.
C
D
A
little
issue
there
how
to
handle
those
Rejects
and
redirects.
A
A
A
D
D
D
A
Or
we've
got
a
reference
between
two
things:
a
manifest
when
I'm
trying
to
do
a
push
to
repository
or
something
like
that
and
it
or
try
to
pull
Repository
and
for
some
registry
it's
got
the
Restriction
words.
It's
not
found
across
this
entire
registry.
D
Well,
if
I
log
in
right
to
to
a
registry
for
my
Repository
and
then
I
and
then
I
make
requests
that
doesn't
give
me
access
to
other
right,
even
even
though
I
could
reference
them.
It
doesn't
give
me
access
to
one
that
I
don't
have
authorization
to.
A
Correct,
but
in
this
case
we're
saying,
if
I'm
trying
to
do
a
manifest
pull
and
is
not
found
in
the
X,
the
response
is
404.
That's
what
we're
looking
at
here.
So,
if
I'm
doing
a
pull
of
a
manifest
and
the
pull
itself
is
scope,
the
poll
says:
I
am
pulling
from
this
URL
this
whole
path
here
and
there
is
V2
slash
whatever
repository
in
there.
D
C
A
D
E
A
E
I
think
scoping
is
the
problem
there.
Honestly,
getting
rid
of
in
the
registry
would
clarify
it
because
you're
within
context
of
that
call,
whether
it's
I
mean
cross
Mount
is
another
problem
right.
It's
not
within
the
repository.
It's
a
cross
repositories,
so
I
would
say
getting
rid
of
the
in-registry.
The
problem
is
that
we
have
a
three-part
definition
here,
which
is
registry
repository
and
the
last
portion,
which
is
name
tag
or
reference,
or
something
like
that.
So
we
haven't
defined
that
in
the
specification,
but
we
use
a
reference
everywhere,
I
think
in
the
registry.
A
D
A
A
I
I
think
I
drugged
that
issue
out
as
long
as
I
could
was
that
the
last
one
I
listed
are.
We
did
I
have
garbage
question
in
there.
No,
that
was
the
last
one
right
on
time:
holy
cow,
all
right,
I,
don't
think
you
made
any
progress.
We
made
a
little
bit
of
progress,
but
I
still
think
it
was
good
me.
So
thank
you.
Everybody
for
showing
up
and
for
everybody's,
going
to
be
in
the
open
source
Summit
next
week.
Look
forward
to
seeing
you
there
for
anybody.