►
From YouTube: OCI Weekly Discussion - 2022-12-01
B
B
Agenda
I
only
had
the
one
item
on
there
or
just
throwing
a
little
bit
of
attention
out.
There
say:
hey,
there's
an
open
PR
for
people
to
look
at
wasn't
really
much
to
talk
about
that
one.
The
366
was
just
defining
what
happens
when
the
patch
fails
or
when
you
do
a
chunked
upload.
You
see
a
failure
in
the
middle
of
it.
B
B
Otherwise
anybody
have
any
other
topics
they
want
to
talk
about.
Today,
I've
seen
a
bunch
of
threads
over
on
the
slack
I'm
happy
to
talk
about
anything.
A
Yeah
I
wanted
this
discussion
that
we
had
about
artifact
types
and
the
guidance.
You
said
that
there
is
a
open
task
to
define
the
best
practices
there,
like
I
I,
just
wanted
to
understand
what
is
the
process
for
that
being
kind
of
pretty
new
to
the
LCI
Community
and
how
we
can
drive
that
forward.
B
Yeah
we
had
our
meeting
back
on
the
24th
and
yeah
I
agree
with
Sashay
welcome.
We
had
the
meeting
it
was
that
was
open,
source,
Summit
I,
think
wasn't
it
or
was
that
no
that
was
kubecon.
They
had
an
oci
meeting
there
and
one
of
the
agenda
items
kind
of
scroll
through
the
notes
here.
So
I
can
give
a
good
answer,
but
one
of
the
agenda
items
was
to
pretty
much
standardize
this.
B
So
let
me
actually
copy
and
Link
directly
to
that
and
I'll
drop
this
in
the
chat
and
I'll
also
put
in
our
main
notes
where
we
are
just
talking
about
in
general
that
this
is
an
open
question.
B
The
reason
we
don't
have
a
good
immediate
answer
to
you
right
now
is
because
we
we
really
haven't
solidified
it
in
the
spec
as
a
standard
and
I
think
some
of
the
pushback
was
saying:
we've
we're
pushing
back
to
see
what
the
community
wants
to
do
with
it
and
then
traditionally
oci
has
been
a
liking
standard.
We
we
haven't
been
dictating
here's
how
you
must
use
our
spec,
and
so
we
we
tend
to
come
along
when
someone
uses
it
and
say:
okay
they're
using
it
that
way.
B
A
Okay,
I
I
I'll,
look
at
that
and
I
I
will
put
maybe
my
thoughts
on
that
we've
been
discussing
this
with
Sachi
and
Steve
related
to
the
issue
that
was
filed
by
Steve
and
I
saw
you
commenting
this
morning
on
that
cozy
yeah
about
the
Cozy
stuff,
so
I
I
have
my
kind
of
expectations
how
that
is
used.
It
seems
that
actually,
my
expectations
are
different
from
what
other
people
are
expecting.
That's
why
I
ping
you
and
the
folks
there
on
the
private
Channel
just
to
understand?
A
Okay,
what
is
the
historical
work
and
how
you
guys
plan
to
use
it?
So
that
was
the
reason.
B
I,
don't
know
you
just
frankly
taking
notes
here,
yeah
the
big
concern
I
had
when
I
looked
at
what
was
happening
at
the
Kersey
was
just
I.
B
Don't
have
enough
context
on
cozy
itself,
but
my
big
fear
is
that
someone
else
could
come
along
and
do
something
with
a
different
payload,
but
also
wrapped
in
whatever
cozy
is
doing
and
I
don't
want
to
get
in
a
situation
where
we
can't
differentiate
between
the
two
between
two
people
come
up,
two
different
artifacts
and
so
I
I
come
out
and
say:
let's,
let's
do
the
obviously
terrible
example
and
say
if
we
just
called
it
application
Json
for
representary
s
bomb,
no
one
be
able
to
recognize
which
s
mom
is
which
because
they're
all
application
Json
and
someone
wants
to
know
whether
or
not
it's
spdx
versus
Cyclone
DX
versus
something
else.
A
And
I
I
totally
agree
with
that.
I
I
actually
was
looking
from
kind
of
more
a
higher
level
abstraction
when
we
Define
those
and,
for
example,
not
even
application
spdx,
but
more
of
a
like
s-bomb
and
I.
A
Don't
want
to
use
the
Iana
just
because
I
think
that
that
that's
confusion
we
can
because
there
is
no
registered
Iyana
media
type
for
let's
say
application,
s-bomb
right,
because
s-bomb
can
be
in
different
formats
right,
it
can
be,
spdx
can
be
Cyclone,
DX
can
be
I,
don't
know
what
else
right
and
the
scenarios
that
I
was
kind
of.
Thinking
of
how
this
can
be
used
is
really
I
want
to
get
the
the
s-bomb.
Why?
A
I
think
we
are
exposing
too
much
of
the
underlying
implementation
of
the
systems
and
I
had
some
other
thoughts
around
interoperability
and
like
especially
what
was
filed
by
by
Steve
right
and
I,
totally
kind
of
agree
on
the
Cozy
stuff
right.
It's
like
cozy
I
can
do
many
things
with
cause.
It's
not
only
signatures
right
this.
A
This
is
not
the
right
thing
to
to
put
there,
but
if
we
let's
say
like
the
the
my
initial
reaction
is:
if
I
go
and
see
notary
signature,
that
means
that
only
notory
can
understand
that
right.
What
about
if
another,
two
and
that's
kind
of
in
line
with
your
comments
there?
Let's
say
another
tool
created
a
cozy
signature.
Right
then
assumption
is
that
if
I
understand
quasi
I
can
I
can
read
it
not
only
with
notorious
at
all,
but
any
other
tool
that
actually
created
it.
A
So
these
are
kind
of
the
questions
in
my
mind,
I
think
it's
much
longer
discussion,
but
and
I
I
I
think
that
the
longer
we
postpone
to
defining
what
exactly
the
artifact
type
will
be
and
how
it
can
be
used.
The
more
confusion
that
we
want
in
the
community
right
and
that's
that's
kind
of
my
only
concern.
B
I
I
agree,
and
so
that
was
while
I
was
pushing
to
say
if
we
we
get
an
open
issue
over
on
I'm,
assuming
we're
trying
to
put
this
around
image,
spec
that
that
might
help
put
a
little
bit
more
pressure
on
some
of
those
CI
stuff,
saying
here's.
Why
that
we
can't
just
wait
for
the
community
to
do
it
that
we
need
to
do
it
for
the
community
that
that
might
help
try
out
some
of
that
discussion
if
you're
looking
to
go
that
way,
because,
right
now
it's
it's
been
very
much
a
let's!
B
Let
the
community,
do
it
and
then
see
what
happens
in
the
document.
It
part
of
what
I
described
at
our
meeting
from
the
kubecon
was
saying.
There's
I
think
exactly
what
you're
saying
there
are
a
lot
of
different
ways.
You
can
represent
this
and
you're
looking
at
the
artifact
typing,
the
media
type
and
how
they
interact
and
depending
on
how
you
do
this,
how
you
want
to
package
this?
There
are
a
lot
of
different
ways.
Somebody
could
represent
the
exact
same
data.
B
B
C
Yeah,
so
I
just
wanted
to
point
out
that
I
mean
this
is
this
is
a
very
important
topic,
I
think
in
terms
of
best
practices.
Otherwise
it
causes
a
lot
of
confusion.
So
there
is
this
concern
that
John
Johnson
raises
very
frequently
that
is
I,
think
he's
unhappy
about
the
proliferation
of
these
media
types
when
you,
when
you
get
into
this
right,
so
that
is
also
the
other
other
side
of
this
conversation.
C
So
do
you
want
the
so
once
you
open
this
up
the
artifact
app,
then
the
media
types
will
proliferate.
So
so
this
I
think
we
need
to
put
out
proper
guidelines
on
how
to
use
this
effectively,
and
this
is
going
to
become
very
important.
C
If,
when
you
have
this
so
the
so,
what
is
artifact
types
and
media
types
work
does?
Is
you
basically
can
choose
whatever
you
want
there
and
the
contract
is
between
the
the
the
client
that
pushes
on
the
client
that
pulls
and
the
registry
is
just
a
storage
in
between.
So
that
is
the
contract
and
and
basically
what
it
gives
you
is.
It
is
powerful
in
the
sense
that
the
registry
is
you,
you
gain
a
lot
of
flexibility
in
what
you
can
store.
C
So
that's
what
it
gets
you,
but
if
the
issue
is
that
the
registry
must
be
able
to
inspect
or
enforce
certain
types
on
the
data
that
it
is
consuming,
because
then
then
you
really
need
to
be
careful
about
what
media
types
are
allowed
inside
the
registry,
and
that
may
be
important
because
the
way
the
artifacts
spec
is
right
now
the
lines
are
blurring
between
a
registry
and
a
file
system
right.
C
So
that's
that's
the
that's
the
issue,
I
guess
so
for
the
registry
operators
and
users,
how
do
you
set
up
these
artifacts?
How
how
to
use
them
effectively?
All
of
that
becomes
very
important
now
in
terms
of
guidelines.
A
B
B
A
So
Brandon,
what
if
I
wanna,
add
couple
of
scenarios
to
to
this
hack
MD
document?
What
what
is
the
process
that
I
should
follow
for
that,
because.
B
Yeah,
these
were
the
notes
from
our
kubecon
meetings,
so
feel
free
to
like
look
at
that
take
from
there
I
wouldn't
necessarily
change
it.
Just
because
it's
more
like
a
document
of
what
we
talked
about
before
but
open
issue
over
on
image,
spec
can
say:
hey
we're
we're
looking
at
this
we're
having
the
problem
of
trying
to
figure
out
which
direction
we
should
go.
B
A
Yeah
so
I
we
had
quite
long
discussions
with
with
Steve
and
Sachi
on
on.
They
are
kind
of
a
couple
of
issues
there.
So
one
is
what
we
we
should
do
on
the
short
term.
So
because
some
of
the
kind
of
longer
term
discussions
they
can
take
too
long
they
can
take
like
in
order
to
come
up
to
agreement.
It
may
take
a
while.
My
my
specific
concern
is
really
when
we
start
I
understand
that
we
will.
A
There
is
the
concern
of
proliferating,
the
the
media
types
right,
but
on
the
other
side,
if
every
let's
say
vendor
start
putting
their
vendor
type,
artifact
type
right.
That
will
proliferate
the
the
artifact
types
right
and
now
my
tool
will
need
to
understand
like
SPD
access
bomb,
the
the
taekwon
DXs
Bond
taught
is
s-bomb
format,
and
so
on
and
I
need
to
have
too
many.
A
If,
if
Case
statements,
if
I
really
need
to
go
and
find,
is
bombs,
and
also
from
like
when
I
go
and
query
the
registry
right,
I
need
to
have
a
long
query
which
says:
I,
wanna,
spdx
and
Cyclone,
DX
and
and
toddy
says
bomb
or
I
need
to
make
three
requests
to
the
registry
for
each
one
of
those
depending
of
how
the
the
filtering
capabilities
implemented.
So
that's
from
from
one
side
from
the
other
side
like
if,
let's
say
somebody
uses,
take
the
Cozy
example,
because
Steve
started
with
the
Cozy
example.
A
A
Does
that
prevent
like
the
interoperability
is
the
question
that
immediately
pulls,
in
my
mind,
is
okay.
This
is
created
by
by
let's
say,
notary.
Signature
can
cosine
understand
that
signature
or
my
immediate
reaction
will
be
wow,
it's
created
by
notary
because
it
says
artifact
type,
notary
signature.
Presumably,
there
is
something
specific
to
notary
that
I
will
not
be
able
to
read
it
in
another
tool.
Right.
A
Does
that
kind
of
stops
the
interoperability
between
the
tools
I
will
like
most
probably
I,
will
kind
of
document
this,
and
what
are
my
thoughts
right,
and
this
is
my
understanding.
That's
why
I
kind
of
started
asking
those
questions
and
I'll
file,
issue
I'll
appreciate,
if
you
guys,
can
comment
and
and
give
some
guidance
how
we
wanna
how
it's
supposed
to
be
used.
B
Yeah
I
think
the
the
big
challenge
is.
You
threw
out
two
very
different
scenarios
there.
One
is
which
you're
trying
to
query
and
say
give
me
any
yes
Mom
at
all,
I,
don't
care
what
it
is.
I'm
just
documenting
this
and
passing
this
up
to
some
other
system
that
can
interpret
every
yes
bomb
out
there,
and
so
it
doesn't
matter
what
specific
format
it's
in
I'll
take
anything
and
the
other
scenarios.
B
A
A
I
I
totally
agree
with
that.
Then
the
the
question
is
like
talking
with
customers
like
most
of
the
times:
they
they
don't
care
right.
They
go
like
take.
The
example
with
the
signature,
like
is
that
sign,
can
I
actually
verify
that
it
was
not
tampered
when
it
moved
between
registry,
for
example,
I.
Don't
care
whether
it's
like
signed
with
with
cozy
dizzy
jws,
whatever
it
is
right,
I
just
want
to
make
sure
that
it
is
verified.
A
Some
customers
will
go
deeper
and
say
no
I,
don't
trust
cozy
or
dizzy
I
trust
jws.
Only
because
that's
what
I
decided
to
do
and
I'm
specifically
interested
in
jws,
but
most
of
the
customers
like
is
it
signed
like?
Is
it
signed
with,
like
cell
relatively
strong
algorithm?
That's
what
they
care
about,
and
they
just
move
on
to
that
one
so,
which
means
that
they'll
be
looking
like.
Give
me
a
signature.
Is
that
signature
that
my
tool
can
process?
Yes,
then
I'll
verify
it
and
do
all
that
yeah.
B
And
right
now
to
answer
the
question
you
kind
of
threw
out
there,
which
was
unclear
what
the
querying
filters,
what
those
filters
can
allow
you
to
do
and
I
think
right.
Now
it's
only
going
to
let
you
pick
a
specific
media
type,
you're
not
going
to
be
or
artifact
type
you're
not
going
to
be
able
to
give
it
a
list
and
say
give
me
any
one
of
these
three
or
four
or
five
artifact
types.
You're
gonna
have
to
say:
I
want
this
one
for
each
for
each
query,
which.
D
B
A
A
The
thing
is
like
most
of
the
time:
I'm
looking,
let's
say
for
for
s-bomb
or
signature
right
and
I,
don't
care
the
format
of
the
signature,
so
the
way
that
I
kind
of
look
up
these
things
is
I
would
like
to
get
everything
that
is
from
certain
artifact
type
and
then
evaluate
based
on
the
media
type
of
The
Blob.
What
I
want
to
do
right?
That's
kind
of
my
my
interpretation
of
this.
F
I
I
would
I
would
not
like
to
hire
a
company
that
doesn't
care
the
format
of
the
signature.
I
think
we've
gone
through
this
question
of
what
a
signature
is
right,
so
we
need
to
kind
of
like
be
a
little
more
crisp
in
terms
of
give
me
everything,
because
I
think
that's
a
that's
more
like
a
copy
kind
of
scenario.
So
it's
from
a
language
perspective
I
think
it's
okay
to
ask
for
signatures,
but
from
a
tooling
perspective,
you
need
to
be
able
to
reconcile
what
the
content
is.
F
For
example,
I
could
push
my
own
application
signature,
and
would
you
trust
it
that
degree
of
definition
needs
to
happen?
I
think
the
scenario
is
kind
of
important
here
as
to
what
are
we
trying
to
achieve
because
getting
every
s-bomb
is
not,
in
my
opinion,
is
it's
good
for
archiving
or
maybe
for
like
content
moving.
But
what
is
the
scenario
for
getting
all
s-bombs?
Would
you
expect
an
s-bomb
that
is
in
a
format
that
you
don't
understand?
Yeah.
A
That
is
one
thing
that
the
other
thing
is
like
I
like
if
we
had
this
discussion
like
with
with
the
document
types
right
right,
one
tool
can
process
more
than
one
document
type,
and
this
may
be
actually
something
that
that
we
want
to
Target
in
the
future.
Again,
like
my
my
main
question
is
like:
can
I
sign
something
with
notary
and
expect
that
other
tool
will
be
able
to
understand
that
signature?
And
how
do
we
actually
describe
this
in
the
artifact
in
the
the
the
Manifest?
A
So
the
other
two
is
not
confused
or
the
developer
that
develops.
Other
two
is
not
confused
and
say:
look.
This
is
not
a
signature.
Only
notary
can
understand
that
signature.
If
that's
the
the
way,
we
are
going
that
I'm
I'm
fine,
but
right
now
I'm
confused
with
with
with
this,
because
my
expectation
will
be
that
I
can
go
and
open,
see,
not
a
design,
see
not
only
signature
in
some
other
tool
which
I
developed
not
with
like
notary
goal.
Library
I
may
want
to
develop
a
library
in
Python
right.
B
A
B
Another
scenario
there,
you
might
have
compliance
checks,
they're,
saying
make
sure
that
we
only
pull
in
images
that
have
an
s-bomb.
They
don't
care
what
the
s-bomb
is.
They
just
want
to
know
that
you've
provided
an
s-bomb,
so
I
can
see
scenarios
out
there
where
they're
not
too
picky
on
the
specific
format.
As
long
as
you
provide
something,
but
I
can
also
understand
what
Sanjay
is
saying
of
hey.
If
I'm
writing
notary
my
tool
only
understands
the
certain
signatures.
B
I
don't
want
to
see
anything
else,
and
so
they're
everybody's
got
a
different
use
cases
coming
into
this.
Some
of
it
may
make
sense
to
defer
to
annotations,
because
we're
also
looking
at
pulling
those
back,
not
just
artifact
type.
You
can't
filter
on
those
on
the
server
side.
F
No,
we
we
do
have
some
ideas
on
on
the
similar,
but
totally
different
side
right,
which
is
the
registry,
is
able
to
serve
oci
and
Docker,
and
we
assume
that
to
be
an
image.
But
the
client
asks
for
Doc
for
image,
manifest
index
or
OCA
manifest
list.
So
it
tells
you
what
you
want,
even
though
the
concept
of
a
container
can
be
across.
So
it's
there.
That's
teased
in
probably
go
back
to
John.
Johnson
say
these
are
media
types
and
how
do
we
kind
of
handle
them?
F
It's
kind
of
leaning
towards
that
same
thing
of
multiple
media
types
or
multiple
types
actually
collapse
to
a
logical
concept
of
the
same
type,
and
we
don't
have
any
notion
in
oci
that
says
these
are.
These
are
everything
these
are
give
me
any
manifest
right.
We
we
say
which
manifest.
We
want.
F
A
So
Brandon,
just
kind
of
back
to
your
currently
the
EO
order
is
just
producer,
is
born
right.
A
B
E
Doesn't
make
me
laugh
or
where
I
I
upload
the
real
receipt,
but
the
processing
system
shows
it
as
a
blank
page
because
it
can't
handle
the
PDF
for
whatever
reason,
which
is
what
makes
me
realize.
I
could
upload
anything
here.
I
could
upload
a
text
file
I
could
upload
a
virus,
I
could
upload
whatever
I
want
and
the
system
would
give
it
a
nice
green
check
and
say
yep
confirmed
it
has
an
s-bomb.
It's
fine
yep.
B
It
is
helpful
to
seeing
some
of
the
different
use
cases
out
there,
and
so
it
might
be
good
when
you're.
Looking
at
what
the
issue
you
want
to
raise
on.
This
is
and
saying:
how
do
we
specify
these
to
start
looking
at
the
different
use
cases
and
the
different
users
that
you're
going
to
be
using
us
from
different
perspectives,
because
I
think
each
one
is
going
to
come
in
with
a
different
requirement.
A
Yeah
makes
sense,
so
I
will
actually
go
and
write
the
all
the
scenarios
that
I
currently
have
in
mind
and
I'll
put
it
from
discussion
so
and
I
understand
that
there
will
be
different
approaches
that
we
can
take.
B
D
B
Been
looking
at
from
some
of
our
incurred
in
terms
of
how
I
can
just
do
a
query
and
let
the
user
get
a
response
back
that
says:
hey
here's,
here's
the
data
you're
looking
for
and
I
realize
Well
everybody's
going
to
format
differently.
It
doesn't
make
it
easy
to
start
putting
answers
in
those
fields
very
ways
using
different
syntax
there.
So
there's
some
value
there.
B
Frantically,
just
coming
back
to
the
slack,
because
I
feel
like
there
are
some
other
topics
came
up
this
week,
yeah
just
before
this,
we
were
talking
about
what
does
it
mean
to
be
ignored.
B
B
But
the
big
question
came
in
of
you
know:
if
it
sees
something
doesn't
know
what
it's
supposed
to
do
with.
It
must
be
ignored,
and
we've
looked
at
this
before
in
terms
of
the
what
was
the
name
of
the
section
there
we're
looking
at
and
the
considerations
document
we're
looking
at
that
I
think
it's
more
of
the
extensibility
than
anything
else.
I've
used
foul.
B
Yeah,
the
extensibility
section
we
say:
okay,
you
know,
if
you
don't
know
what
to
do,
they
must
be
ignored.
I
propose
one
extra
sentence
to
go
in
there.
We
haven't
approved
that
yet.
So
it's
just
part
of
my
PR
right
here,
but
different
people
see
the
phrase
must
be
ignored
and
we
don't
really
have
a
good
definition
for
must
be
ignored,
means
so
the
other
spot
that
we're
looking
at
it
here
was
when
you
see
a
media
type
that
you
don't
know
what
it
is
within
an
index.
B
D
B
B
Not
to
not
to
terrify
you
there
toddy,
but
sometimes
things
sit
around
for
a
while
with
us,
forgetting
about
them.
Squeaky,
Wheels
I
do
work.
B
Probably
not,
let's
see
slavian
yeah
I,
don't
see
him
on
here,
I,
don't
think
so.
G
G
B
And
when
I
thought
about
it,
I
went
back
to
remembering
how
Docker
Hub
was
rejecting
a
bunch
of
media
types
they
didn't
like
and
I've
heard.
Other
people
say
they
want
to
reject
media
types.
They
don't
like
as
well
and
I.
Don't
think
we,
as
oci
has
said
that
you
must
accept
every
media
type.
So
it's
very
possible.
Someone
could
do
that
and
still
be
within
compliance
as
long
as
they
accept
the
minimum
media
types.
I
guess.
B
Not
something
I
like
thinking
about,
but
I
could
very
well
see
that
happening.
That
said,
or
that
to
happen
here,
a
registry
can
always
reject
an
index
that
refers
to
a
manifest
that
doesn't
exist
on
the
registry
and
they
can
also
reject
a
manifest
upload
with
a
media
type.
They
don't
recognize
and
so
putting
those
two
together.
B
G
B
G
We
know
that
one
yeah
I,
don't
know
I
I'd
argue
not
necessarily,
but
I
don't
have
the
energy
for
it.
I
don't
know
I,
don't
care
I
I.
Maybe
we
should
add
something
about
like
this.
The
purpose
of
this
statement.
It's
a
round
forward
compatibility.
So
do
the
thing
that
makes
most
sense,
but
I
don't
know
like
what
I
don't
know
what
I
would
do
if
I
saw
that
both
as
a
client
and
a
registry
I'm
not
sure.
B
B
G
G
B
E
B
Because
902
make
sense,
concerns
thoughts.
One.
B
This
Sacha,
you
just
threw
that
in
there
any
reason
why
it's
not
a
must
shall
not,
as
the
same
as
like
a
negative,
must
I
think.
G
F
B
B
G
But
with
like
more
hedgy
language
and
then
Stephen.
E
B
G
I
I
don't
even
know
that
it
is
true,
you
know,
I,
don't
know,
I,
don't
know,
I
agree
with
it
like,
let's
say:
Jason
Hall
write
the
registry.
That
does
something
interesting
when
you
pull
like.
G
B
G
B
G
With
no
knowledge
like
like
there's
a
partially
covered
elsewhere,
but
the
like
the
closet
again,
even
when
encountering
unknown
properties,
seems
to
indicate
to
me
that
there's
a
reason
for
this
sentence
being
added
like
there.
B
B
Yeah,
that's
why
it's
terrifying
to
us
that
you
know
the
rest
of
the
spec
and
how
all
the
pieces
fit
together.
But
somebody
just
reads
for
the
first
time
might
think:
oh,
if
I'm
just
supposed
to
ignored
I
can
just
ignore
it
and
their
definition
of
ignore
might
not
be
the
same
as
our
definition.
But
nor,
if
we
don't
spell
it
out,.
G
I,
just
don't
like
the
sentence.
This
is
real,
really
not
that
useful
feedback
like
could
we
combine
it
with
the
previous
sentence
like
like?
They
must
ignore
unknown
properties
and.
G
B
You're,
mostly
talking
about
the
artifact
type
and
the
blob
media
type
and
I,
think
we
agreed
to
make
a
whole
new
spec
and
extend
our
CI
into
a
whole
new
realm
so
that
nobody
has
planned
on
and
that'll
happen
tomorrow.
No,
we
kind
of
brought
up
some
of
the
conversation
that
we
had
at
back
at
kubecon
and
talked
about
some
of
the
Cozy
discussion.
B
So
yeah,
that's
we
should
hopefully
see
study
is
still
there,
I
hope,
I'm
saying
the
name
right.
Hopefully
we'll
get
a
issue
coming
out
of
that
of
saying:
oci
maintainers,
please
better
Define.
What
these
things
mean,
give
us
more
guidance
on
how
we
should
use
this
I
think
it
goes
along
with
some
of
your
comments.
So
people
shouldn't
be
picking
out
media
types
from
wherever
they
should
be
following
some
kind
of
Standards
guidance,
something
out
there
so
that
we're
not
making
new
ones
every
30
seconds.
B
G
G
B
I
think
that's
enough
for
one
day
any
other
thoughts
before
we
wrap
it
up
and
give
you
10
minutes
to
drink
some
tea
and
think
about
how
to
rephrase
my
the
wording
over
there.
F
I
did
add
one
more
to
the
agenda
item,
which
was
I
mean
issue
who's
the
one
who
stopped
the
thread
cannot
attend
it
because
of
the
time
zone
he's
in
Shanghai.
But
the
main
question
was:
how
can
we
make
sure
that
we
can
determine
strictly
determine
whether
the
registry
supports
the
oci
Manifest?
F
There's,
there's
not
a
clause
inside
the
reference
API
saying
that
if
refers
is
supported,
then
this
is
supported.
I
think
there
were
a
couple
of
edge
cases
that
they
discussed
like
you
could
query
refers
on
on
a
repository,
and
then
you
have
to
do
a
sub
status.
Query
of
name
not
found.
F
The
repository
doesn't
exist
and
that's
one
way
of
checking
so
does,
should
we
add
anything
into
the
reference
API
or
in
the
distribution
spec
saying
that
if
the
refers
API
is
supported,
then
these
manifest
types
are
supported
or
is
there
some
other
way
to
discover
this
because
there's
no
header
or
any
way
to
query
whether
this?
Whether
the
history
supports
image,
spec
version
who.
D
F
B
F
Before
before
we
get
to
conversion,
I
think
the
first.
The
first
challenge
was:
how
can
we
determine
the
whether
this
manifest
is
supported
the
conversion
bit
I'm,
not
even
going
with?
That's
that's
a
hard
one
because,
like
you
said,
content,
addressability
and
all
that
out
of
the
window
right
the
moment
you
convert
manifest.
So
can
we
at
least
make
sure
that
the
registry
can
clearly
Define
like
either
as
an
API
or
a
header
or
some
mechanism
that
okay
I'm
going
to
put
this,
and
then
you
respond
with
some
valid
code.
F
For
example,
I
think
ECR
responds
with
one
code.
Acr
responds
with
one
code
so
and
the
spec,
the
has
one
code
defined,
whether
that's
the
way
that
we
should
do.
It
is
something
that's
pending
and
we
could
handle
all
the
cases
for
different
Registries,
but
it
would
be
good
to
at
least
say
that
this
is
how
the
this
is,
how
we
expect
clients
to
implement
this
or
we
give
another
another
header
or
something.
F
I,
so
so
maybe
some
insight
into
the
library
itself.
Currently
the
library
only
pushes
the
artifact
manifest
and
they
are
considering
whether
there
should
be
a
user
input
or
whether
they,
whether
the
library
can
do
something
smart
of
falling
back
but
to
fall
back
deterministically
is
not
possible
right
now.
F
That's
that's
the
decision
Point,
but
I,
but
I,
don't
think
automatically.
Upgrading
and
moving
content
to
different
registration.
Different
formats
is
a
good
practice.
I'm
pushing
against
that.
So,
just
to
give
you
my
point
of
view,
but
at
least
from
a
email
from
a
distribution
spec
perspective,
we
should
be
able
to
say
that
hey
we
take
this
manifest
and
if
it's
an
invalid
manifest,
then
we
go
back
down.
But
the
problem
with
the
invalid
manifest
error
is
that
the
Manifest
might
be
malformed.
So
that
might
be
one
option.
F
But
if
you
put
a
Json,
then
this
that
doesn't
work
but
client
libraries
can
make
sure
that
the
Manifest
is
valid
and
maybe
use
it
as
a
field,
but
is
that
the
pattern
they
should
use
is
I?
Think
the
high
order,
question
I,
don't
know
the
environment.
Manifest
is
a
good
way
to
determine
that.
Okay,
you
can't
use
the
OCR
manifest.
B
Yeah
from
my
side,
it
doesn't
matter
what
error
the
registry
gives
me
if
it
can't
push
the
new
manifest
type
I'm,
just
failing
whether
it's
an
error,
because
it
doesn't
recognize
a
manifest
or
the
repositories
got
issues
or
who
knows
what's
near
you
out
there
I'm,
just
it's
a
heart
fail
for
me:
I,
don't
have
any
recovery
option
at
that
point.
F
F
B
Yeah,
like
there's
too
much
that
can
go
wrong
with
the
tool
that
the
tool
tries
to
do
it,
especially
because
I
feel
like
it's
going
to
get
used
in
the
reverse
Direction,
where
people
are
going
to
try
to
automatically
promote
and
that's
going
to
be
the
the
phrase
I
used
in
the
link.
There
was
as
a
ticking
time
bomb
as
soon
as
someone
upgrades
an
internal
registry
for
updating
the
external
registry
and
they
build
and
do
everything
internally
and
generate
that
artifact.
F
B
Yeah
I
would
push
that
off
to
a
user
level
thing
where
the
user
knows
that
all
the
Registries
that
they
might
push
the
artifact
to
in
the
future,
I'll
support
it,
and
then
they
tell
the
tool
tool
generated
in
this
format
and
by
doing
that
now,
since
they're
giving
the
tool
Direction
the
tool
just
says:
well
I
try
to
do
it.
It
failed
here's!
Your
error
message.
F
When
can
a
tool
make
sure
that
yes,
my
put
failed
because
the
Manifest
was
not
supported
is
is
the
is
the
challenge
that
I'm
trying
to
address
here,
ignore
the
upgrade
or
conversion
part,
because,
like
I'm,
very
scared
of
conversions
because,
like
you
said,
moving
things
around
as
always
yeah
so,
but
even
if
we
did
should
distribution,
spec
have
a
way
in
which
it
can
clearly
Define
that
the
Manifest
is
not
supported,
because
it's
it's
an
invalid
manifest
or
it's
an
unsupported,
manifest.
Okay,
I
think.
Okay,
now
it
comes
back
to
me.
F
Ecr
returns,
unsupported
the
distribution
spec
says
invalid,
manifest
so
which
one
do
we
go
with,
or
maybe
it's
an
ECR
I
think
that
we
need
to
talk
about
so
either
way.
B
Yeah
I
I
just
throw
the
area
right
back
up
to
the
user
and
let
them
have
to
deal
with
all
the
scenarios
there.
I,
don't
I,
don't
get
smart
on
my
side
like
I,
probably
should
be
so
I
just
saved
the.
If
the
tool
comes
out
with
this
error,
I
just
pass
it
directly
back
up
to
the
user
and
let
them
figure
it
out.