►
From YouTube: OCI Weekly Discussion - 2021-03-17
Description
OCI weekly developer's call recording from 17 March 2021. Notes/agenda here: https://hackmd.io/El8Dd2xrTlCaCG59ns5cwg#March-17-2021
A
C
Yeah,
well,
jason
can't
make
this
time
slot,
but
he
has
asked
me
to
bug
people
about
this
again.
I
think
he
addressed
a
lot
of
the
feedback
and
has
pushed
somewhat
recently
a
new
version
of
this
today.
I
think,
and
so
is.
C
I
honestly
haven't
even
looked
at
it,
so
I
just
wanted
people
to
if
they
had
looked
at
it
and
had
actionable
feedback
a
time
to
talk
about
it.
It's
a
very
small
pr
right.
So
I'm
not
as
happy
with
this
as
I
was
with
the
one
everyone
hated,
but
I
am
happy
to
see
anything
land.
C
Yeah,
it
was
just
a
little
less
specific,
more
abstract
and
so
more
generally
useful
and
also
having
multiple
is
nice,
but
we
have
a
proposal
later.
That
makes
me
happy
regardless,
and
so
I
don't.
B
C
As
much
and
if
one
reference
is
enough
for
everyone
to
be
happy,
then
that's
fine
with
me.
A
Yeah,
I
think,
if
we're
allowed
to
get
a
good
place
here,
then
you're
happy,
that's
fine!
I
think
the
problem
is
if
it's
too
generic,
it's
kind
of
hard
to
make
tooling
actionable
on
it
right.
If,
if
you
can't
really
make
a
strong
decision
on
what
this
thing
is,
then
it's
kind
of
hard
to
have
consistent
tooling
across
all
of
it.
A
C
There's
a
con
common
problem
right
because
we're
solving
and
oci
solves
both
a
very
specific
problem
and
also
a
very
very
generic
and
abstract
problem,
and
sometimes
we
mix
the
two
contexts
and
it's
hard
to
talk
about.
Why
we're
doing
certain
things.
A
Let's
try
to
we
said
your
vincent.
Your
feedback
was,
let's
make
get
through
a
couple
of
actionable
ones.
So
if
we
can,
because
the
data
one,
I
think,
will
be
a
little
bit
more
of
a
discussion
so
on
a
22,
I
think
there's
two:
is
this
the
one
with
two
annotations?
This
is
base
image.
A
So
I
I
think
to
john,
I
think
we've
got
the
right
feedback
coming
on
those
on
that
one
specifically
on
e22.
So
I
think
we
just
let
that
finish
up.
I
think
it's
getting
pretty
close.
I
think
it
was
just
a
some
minor
question
on
a
sample
because
I
misread
it
said
descriptor,
but
it
was
actually
the
link
was
descriptor,
so
it
is
just
a
digest
that
makes
sense
and
then
we're
just
basically
wrestling
with
the
same
old
story
of
default
registry.
Do
you
get
a
fully
qualified
url?
What
does
that
mean?
A
So
you
actually
could
rebuild
it
or
whatever
it
is
you're
trying
to
figure
that
out
doesn't
mean
you
have
access
to
it
like
I
shouldn't
have
access
to
john's
personal.
You
know
registry,
but
I
can
know
that.
Oh
that's
where
that
came
from.
So
I
could
go
back
to
john
going
hey
we're
trying
to
fix
this
thing
and
it
came
from
your
registry.
A
E
So,
just
just
so,
this
feedback
doesn't
get
lost.
I
want
to
say
that
I
also
agree
with
where
john
was
coming
from
that
I'm
not
as
wild
about
where
this
proposal
is
right
now.
But
the
big
issue
for
me
is
that,
in
this
proposal
is
trying
to
encode
inheritance
that
one
image
comes
from
another
image.
That's
not
really
part
of
how
the
oci
image
spec
is
written
right
now,.
A
I
mean
to
vincent's
point
of
there's:
no,
must
here
it's
it's
just
trying
to
say
for
the
people
that
are
doing
the
docker
build
with
the
from
statement
that
they
have
a
way,
a
consistent
way
to
know
how
they
would
trigger
like
what
is
it
based
on
because
they
can
so
they
could
rebuild
it
to
your
point.
If
you
want
to
do
build
packs
or
some
other
way,
that
you're
building
the
image
or
some
of
the
other
you
know
formats,
then
maybe
you
don't
use
this.
This
field.
D
Well,
I
mean
that
was
that
was
actually.
I
was
just
like
scrolling
to
make
sure
that
misha
was
in
this
this
thread,
because,
like
I,
I
want
this
kind
of
information
in
there
and
discoverable.
D
Somehow
this,
this
kind
of,
like
history
or
information,
needs
to
be
preserved
somewhere
and
that's
kind
of
what
the
little
materials
we've
talked
about
before
also
like
some
way
to
spec
out
all
this,
even
if
it's
just
another
object
completely
in
the
layers
list
that
has
its
own
like
media
type
and
otherwise
I
I
would
much
much
rather
see
another
object
in
the
media
list.
Immediate
manifest
list
that
has
its
own
media
type
and
structure.
C
You're
gonna
love
the
proposal
from
later
then
yeah.
I
would
just
echo
what
sam
said,
because
he
made
me
realize
something
I
I
think
in
the
current
form
of
the
proposal
is
too
prescriptive.
This,
as
in
this,
should
be
the
immediate
sharing
zero
index
players.
I
think
that's
nice,
and
that
it's
very
specific,
but
I
mean
we
could
say,
may
instead
of
should,
and
that
opens
it
up
to
me
doing
exactly
what
I
want
to
do,
which
is
you
know
some
artifact
that
represents
my
dependencies.
C
A
And
why
not
just
make
it
john's
annotation
and
you
can
do
what
you
want
to
do
with
it
and
like
if
you're,
if
we're
going
to
be
so
loose
about
it,
that
I
don't
know
how
any
tool
would
make
use
of
a
standard
annotation
as
opposed
to
there's
a
that
said,
john's
update.
Whatever
the
scenario
you
want
to
support,
it
doesn't
have
to
be
under
the
open
containers
namespace,
it
could
be
something
else,
and
then
it
means
exactly
what
you
want
it
to
mean.
A
C
I
guess
I
think
this
is
very
specific,
even
if
that
should
becomes
a
may,
it
means
something
very
specific
and
it
is
still
pretty
powerful
right,
and
so
we
don't
even
have
to
list
any
other
situations.
You
know
if
that
should
becomes
a
may,
then
I
think
we're
pretty
good
because
you
can
verify
if
that
is
true
right.
If
it's,
if
it's
a
may,
you
know
the
client
might
do
do
something
differently
than
you
expect,
but
it's
still
trivial
for
you
to
verify.
C
A
Okay,
so
we
could
keep
on
going
zero.
What
is
zero
index
when
it's
from
or
whatever,
but
this
starts
to
sound
more
than
an
actionable
thing.
I
think
that
the
from
the
time
boxing
of
it
there's
there's
a
conversation
happening,
we
should
figure
out.
If
we
don't
fully
support
consistently
across
it,
then
we
don't
have
to
and
if
we
can
find
a
happy
ground
and
add
an
oci
annotation.
That
seems
to
make
sense,
but
the
process
seems
to
be
working
through
in
the
pr
feedback.
C
A
Okay,
so
just
moving
on
the
next
one
is
the
data
one
and
I
john
and
I
were
kind
of
doing
some
feedback
back
on
and
forth
on
it.
I
didn't
read
your
latest
comment,
but.
C
Yeah,
I
just
pushed
it
sorry,
but
yeah,
so
I
can
talk
about
it
briefly,
but
I
opened
this
last
week
and
there
are
situations
where
you
are
referring
to
content
that
may
not
make
sense
to
actually
require
an
http
request
right.
So
if
we're
talking
about
pulling
an
image,
maybe
you
have
a
layer
that
is
64
bytes,
because
this
contains
like
a
signature
or
something
it
would
be
really
nice.
C
If
I
didn't
have
to
go
across
the
wire
to
go,
get
those
64
bytes
when
the
the
artifact
that
is
pointing
to
it
is
less
than
that
there
is
is
even
more
right
so
like
for
for
very
small
amounts
of
data.
It
would
be
really
convenient
if
we
could
just
embed
them
in
the
descriptor
that
describes
them.
So
this
would
be
exactly
the
content
you
would
have
gotten
if
you
were
to
fetch
it
through
any
other
means,
and
you
should
verify
it
in
exactly
the
same
way
you
would,
but
it.
D
C
So
this
is
something
that
came
up
in
the
pr.
I
think
yes,
for
now,
one
thing
we
could
do
is
fix
how
the
non-distributable
layers
work,
because
that
is
a
quality
that
should
not
be
in
the
media
type,
in
my
opinion.
C
C
Isn't
there
right
like
so
clients
would
not
expect
it
to
be
in
the
content,
addressable
store
when
encountering
it,
but
yeah,
I
think,
for
now
you
would
just
duplicate
things
to
make
it
easier
and
backwards
compatible
with
existing
registries,
because
existing
registries
would
expect
that
content
to
be
there.
D
C
I
I
would
be
surprised
if
registries
could
support
this.
I
guess
you
mean
on
the
for,
for
the
for
the
like
reference.
Counting
part
right,
like
registries,
expect
there
to
be
a
blob
uploaded
if
the
manifest
references
it
yeah,
a
registry
that
does
support
this-
might
skip
that.
But
you
know
for
most
registries
this
you
don't
have
to
support
it
at
all
and
and
the
push
time
is
not
really
a
place
where
you
care
so
much
about
duplicating
the
content
it
one.
C
C
A
And
I
generally
worry
about
the
payload
size
I
mean
a
manifest
was
always
intended
to
be
here
is
a
declarative
information
declared
made
by
the
westwood
here
is
a
description
of
the
content
that
has
been
stored.
Here's
some
metadata
around
it,
so
you
can
make
decisions
the
config
object.
Lets
you
pull
some
information
before
you
actually
start
dealing
with
the
layers
blobs,
because
the
layers
blobs
might
get
routed
to
another
host.
So
there's
this
very
structured
interaction.
A
I
fully
agree
that
we
there's
some
places
where
I
don't
want
to
have
to
pull
a
blob
to
figure
out
the
next
step,
and
we've
been
discussing
this
in
the
the
linked
list.
Conversation
of
like
how
do
I
get
a
list
of
signatures
and
know
which
one
I
really
care
about,
so
I
don't
have
to
pull
them
all,
but
the
way
this
was
written
it
it.
A
What
it
doesn't
sound
like
it's
bounded,
is
to
can
somebody
just
put
a
gigabyte
worth
of
text
in
that
string
and
what's
what
is
the
expectation
of
this
manifest?
That's
supposed
to
be
relatively
small.
C
I
think
to
answer
the
first
question:
yes,
I
think
it
is
valid
to
put
a
gigabyte
in
here
whether
or
not
a
registry
is
going
to
take
that
from
you.
That's
that's
your
problem
right
like
if
you
are
embedding
gigabytes
of
string
data,
you're
gonna
have
a
bad
time
right
in
the
same
way
that
you
can't
push
a
layer
with
a
million
or
an
image
with
a
million
layers
right.
There
are
limitations
that
exist
in
the
world
and
it
is
your
responsibility
to
abide
by
those
right.
C
A
A
But,
like
the
layer
size,
the
layer
counts,
the
layer
size.
The
different
registries
have
different
sizing
like
we've
we've
all
like
and
we've
seen
ml
images
start
to
push
those
boundaries
and
to
sometimes
you
can
argue,
no
but
they're
making
sense
to
me
a
manifest
it's
good
to
have
some
surface
level,
but
if
we
can
bound
it
to
some
reasonable
textual
size
that,
if
I
return
a
manifest
list
in
an
api
that
that's
not
the
thing,
that's
going
to
blow
it
up,
I
can
see.
C
Right
so
so,
there's
kind
of
two
situations
where
you
might
want
to
use
this.
I'm
thinking
about
registries
a
lot,
but
of
course
all
this
applies
in
other
contexts,
but
so
as
as
something
producing
an
image
right
as
like
say
docker
right,
producing
the
manifest
myself,
we
can
have
some
language
in
there.
That
says
you
know
you
should
consider
the
size
of
the
embedded
data
when
and
what
you're
going
to
do
with
it
right,
because
we
shouldn't
limit
it.
C
We
shouldn't
say
this
can't
be
more
than
x
because
that
that
might
be
useful
in
certain
situations,
but
we
we
can
be.
We
can
provide
guidance
that
hey,
you
might
not
be
able
to
push
this
to
a
registry
if
it's
too
large,
and
so
you
should
keep
this
bounded
and,
we
might
even
say
a
number
as
like.
You
should
keep
this
under
a
kilobyte
for
broad
compatibility
reasons
or
something
right.
On
the
other
end
as
a
registry,
there
are
not
any
apis
where
I
have
the
freedom
to
return.
C
Something
like
this
right
like
I.
I
can't
embed
data
in
a
like
manifest
that
I'm
returning,
but
if
we
did
do
all
the
things
I
want
to
do
with
listing,
manifests
where
we
we
call
hey.
Give
me
tell
me
all
the
manifest
in
the
registry
and
the
registry
gives
you
a
list
of
descriptors
in
that
list.
The
registry
has
the
flexibility
to
embed
the
manifest
data
right,
and
so
you
could
ask
the
registry
hey,
give
me
all
the
manifest
and
include
the
data,
because
I
don't
want
to
send
you.
C
You
know
a
thousand
requests.
I
just
want
to
send
one
giant
request:
we
that
doesn't
exist
right,
it's
hypothetical,
but
in
that
situation,
because
the
client
isn't
expecting
a
content,
addressable
response.
C
This
is
a
totally
reasonable
thing
for
the
registry
to
do,
and
it
would
be
up
to
the
registry
to
decide
the
threshold
for
that
right,
because
the
client
isn't
expecting
this
to
be
it's
an
optimization
right.
So
if
the
client
sees
the
data
is
embedded
okay,
I
can
use
that.
But
if
if
the
data
is
omitted
because
it's
above
some
threshold,
the
registry
decided
on
then
the
client
can
just
go
fetch
it
again,
but
then
so
it's
a
there
is
a
reasonable
fallback
that
already
exists,
and
so
this
is
strictly
an
optimization.
A
I
I
guess
I
see
this
group
and
this
oci
specs
as
being
a
way
that
there
we
can
create
more
consistency
across
the
registries
to
enable
more
tooling
that
isn't
cloud
or
registry
specific,
because
it's
just
frustrating
all
of
our
users.
You
know
the
fact
that
docker
pull
docker
run,
you
know,
docker
push
is
just
in
the
most
simple
works
across
all
registries
is
been
a
huge
thing
that
has
brought
the
whole
platform
forward.
A
The
fact
that
we
don't
have
listing
apis
or
searching
apis
and
and
consistency
on
some
of
these
things
has
been
a
huge
detriment
to
us
to
put
to
start
saying
that
hey
you
could
do
this,
and
the
registries
might
do
this
and
it
might
not.
It
feels
like
it
provides
more
instability
that
we're
just
hacking
stuff
into
something,
as
opposed
to
coming
with
a
better
way
that
a
manifesto
is
about
this.
You
know
the
information
in
summary,
and
if
you
want
the
data,
then
you
can
get
the
data.
I.
C
I
think
you're
very
wrong.
I
agree
with
you.
Your
point
stands
for
like
the
base
image
stuff.
I
kind
of
agree
right.
It
would
be
nice
if
this
meant
exactly
one
thing,
but
for
this
it's
it's
strictly
an
optimization
right
it.
The
existing
model
continues
to
work.
Even
if
you
completely
ignore
this
field
right
and
so
there's
not
there's
no
instability
right.
It
is
only
in
the
same
way
that,
like
http,
caching,
stuff
just
works,
and
you
don't
think
about
it.
This
would
just
work
and
you
wouldn't
think
about
it.
A
D
If
you're
registering,
if
your
registry
and
or
tooling
could
make
those
optimizations,
because
I
mean
I
could
imagine
this
even
going
into
container
d-
that
it
just
likes-
looks
for
that
data
field
and
if
it's
there,
then
it
has
an
optimized
experience
and
it
like
you,
like
you,
said
you,
you
know,
don't
have
the
the
baseline
experience
on
all
registries.
But
if
a
registry
so
chose
to
implement
this
support
for
this
data
field,
then
some
clients
would
have
a
more
optimized
experience.
C
A
C
No,
absolutely
not
only
in
non-content
addressable
context
so
and
none
of
those
really
exist.
So
it's
not
a
problem.
Currently
in
my
hypothetical
listing
proposals
yeah,
the
registry
could
choose
to
populate
that,
but
it
is
a
completely
valid
implementation
to
never
populate
this
field
and
for
a
registry
unless
it,
you
know
the
registry
doesn't
have
flexibility
currently
in
basically
any
api.
It
has
to
return
what
was
pushed
to
it,
because
all
of
it
is
content,
I'm
completely
I'm
on
board
with
it.
C
Reduce
round
trips
as
much
as
possible,
yeah
and
and
to
be
clear
like
this
is
not
coming
from
me.
I
found
this
like.
I
thought
it
would
be
cool
if
we
did
this
and
I
went
to
go
at
like
create
a
pr
and
I
found
oh,
they
already
decided
to
do
this
earlier,
and
so
I
messaged
steven
day.
I
was
like
hey
what's
this
field
for,
and
he
said
exactly
what
I'm
proposing
and
so
like
this.
This
was
planned
to
exist
and
I'm
just
trying
to
drive
it
forward,
because
it's
a
great
idea.
F
F
F
Right,
I
I
think
I
I
for
sanity,
you
might
want
to
hold
this
open
or
you
know,
as
a
draft
working
in
progress
until
we
get
proof
of
concept
on
both
the
client
and
the
registry
side
and
then
and
then
you
can,
we
can
drive
it
forward
from
there.
It
might
make
more
sense
to
see
what
kind
of
optimizations
and
see
if
there's
anything
else
that
drags.
You
know
it
introduces
like
that,
the
limitation
of
when
the
client
doesn't
have
it.
Maybe
it's
too
much
data
what's
nice?
Is
you
don't
really.
C
F
C
C
C
Sure
so
we
talked
about
this
three
or
four
weeks
ago.
There
are
currently
there's
no
way
to
really
mutate
things
in
a
registry
safely,
and
I'm
talking
about
tags
specifically.
C
So
if
I
wanted
to
push
a
new
image,
let's
say
so:
okay,
the
use
case
that
came
up
is
like
when
you're
producing
multi-platform
images,
it
would
be
really
cool
to
fan
out
a
build
for
like
each
platform
to
some
build
farm.
Where
you
have
like
an
arm
machine
and
an
amd
64
machine.
It
would
be
great
if
those
could
coordinate
at
the
registry
by
say
checking
to
see
hey.
C
Does
an
image
exist
at
this
tag
already
it
does
great
I'll
append
what
I
just
built
to
that
image
and
then
update
it,
and
so
you
can
like
incrementally
build
up
a
multi-platform
image.
You
can't
do
that
today
because
of
race
conditions
that
exist
right,
so
I
might
overwrite.
What's
already
there
or
I
you
know,
I
might
not
see
someone
push
something
it
it's
a
problem
and
http
solves
this
problem
using
conditional
requests,
you
you
have
e-tags
and
then
you
have.
Let
me
see.
C
Let
me
open
this
because
I
can't
remember
the
exact
headers
but
there's
like
if
match
and
if
none
match
headers
and
there's
well-defined
semantics
and
http,
for
you
know:
hey,
don't
overwrite
this
or
only
overwrite
this.
If
the
current
value
matches
what
I
expect
it
to
be
right,
so
we
just
get
some
optimistic,
concurrency
controls
and
all
we
have
to
do
is
document
them.
We
don't
have
to
make
them
up.
We
just
say
hey,
you
know
this
is
http.
C
Let's,
let's
do
http
the
way
it's
meant
to
be,
and
that's
what
I'd
like
I'd
like
to
just
call
it
out
specifically
and
say:
hey
registry
should
return
e-tags
on
manifest
and
registry
should
respect
conditional
request,
headers.
A
No,
it
makes
sense,
because
tags
are
the
only
place
today
that
we
have
well
index.
I
guess
that's
is
another
place
index
and
tags
well,
an
index
actually
is
only
updatable
because
it's
related
to
a
specific
text
as
it
index
itself
is
its
own
digest.
So
it's
really
tags
the
only
place
in
a
registry
where
we
have
update
semantics,
because
everything
else
is
immutable.
C
Yep-
and
I
would
like
to
flush
out-
maybe
the
pr
with
more
examples
right,
but
it
really
is
just
hey,
implement
this
rfc
over
here.
Please.
A
Now
part
of
the
the
notary
stuff
we're
going
to
have
to
introduce
tag
signing-
and
this
has
been
one
of
the
things
like
in
everything
other
than
a
tag-
signing
you're
just
signing
a
digest.
So
that's
relatively
easy.
You
want
a
signature
to
be
associated
with
something
you
want
to
be
able
to
add
signatures
later
on,
and
you
can
add
them
to
a
digest,
because
that's
the
basic
design
to
add
something
to
a
tag
which
can
be
updatable,
that
there
is
some
conditions
there.
That
would
be
great
to
have
put
some
locking
around
it.
C
Yeah,
so
I
don't
know
if
anyone
thinks
that's
a
terrible
idea,
I
think
it's
pretty
straightforward.
I
would
love
people
to
give
feedback
or
maybe
add
their
own
use
cases
or
examples,
and
then
I
can
I
can
keep
pushing
on
it.
We
probably
don't
want
this
for
1.0
of
the
spec,
but
maybe
one
point
whatever
I
don't
know.
A
From
an
across,
I
don't
know
whether
we
do
I'm
doubting
we
do,
but
if
we
don't,
we
should
like.
I
I
do
we.
This
has
been
a
problem.
We,
the
geo,
replication
stuff.
This
is
one
of
the
places
where,
because
we
support
master,
you
know
active
active
scenarios.
There's
there
are
places
where
this
kind
of
thing
has
showed
up.
This
really
doesn't
completely
solve
it,
but
it
gets
closer
to
solving
some
of
the
individual
region
updates.
G
A
It's
like
you
made
it
more
granular,
you
didn't
really
tie
it
to
multi-york,
manifest
updates
right
or
the
index
updates.
It's
not
like,
because
there's
been
other
conversations
we've
been
debating.
Should
a
registry
manage
the
updating
of
the
index
itself
and
there's
some
interesting
ideas
there
there
you
know
and
there's
certain
places
where
there's
good
registry
specific
implementations
to
kind
of
innovate
in
that
space.
This
isn't
going
that
far.
A
This
is
simply
just
saying
that
look,
there's
contention
on
an
updateable
element
of
a
registry
it'd
be
great
if
we
had
a
better
semantics
to
be
able
to
handle
that
and
have
that
defined
in
the
spec
again
back
to
here
is
something
that's
in
the
spec
that
it
should
work
consistently
across
registries,
because
we've
implemented
whatever
version
of
the
spec,
assuming
we
could
ever
get
a
1-0
out,
but
yeah
to
get
this
clarified
would
be
great.
C
Cool!
That's
it
for
me,.
B
All
right,
I
I
don't
know
if
my
mic
is
working
but
yeah
like
the
conditional
request
stuff.
I
see
that
there's
a
must
in
there.
B
C
So
you
wouldn't
supply
e
tags
for
in
your
responses,
the
the
must
is
guarded
by
an
if
and
that,
if
conceptually
it
cannot
exist.
If
the
registry
doesn't
support
e-tags
for
manifest.
B
But
like
e-tags
are
also
provided
by
like
proxies
and
such
like
cloudfront.
C
Sure
most.
B
I
mean
sure
yeah
like
putting
squid
or
apache
in
front
of
the
registry
automatic
like
it.
It
automatically
generates
these
tags
and
I
I
think,
that's
like
non-standard
behavior
to
change
that,
because
it
means
that
downstream
components
like
cloud
front
wouldn't
be
able
to
cache
your
images
or
your
layers.
C
C
Me,
okay,
I'll
I'll,
add
that
to
the
pr
we
can
keep
going.
If
no
one
else
has
concerns
or
questions.
F
Did
did
you
want
to
try
to
get
this
into
the
first
release,
or
were
you
thinking.
C
B
A
Yeah,
I
think
I
I
I'd
defer
to
josh
and
others
have
been
trying
to
get
the
1-0
out,
but
I
think
that
they're
we've
had
1-0
cued
for
a
year.
Two
three.
A
Cool
all
right
moving
on
next
one
was
two
wait.
Was
that
no,
that
was
the
document
condition
request.
The
next
one
is
damn.
H
Yeah
hello:
I
opened
an
issue
with
a
bunch
of
text,
explain
some
motivations
and
use
cases
and
design
discussions
as
well
as
an
accompanying
pull
request
to
kind
of
visualize.
The
exact
concrete
changes
we're
proposing
against
the
distribution
repo,
so
both
links
should
be
in
here.
H
A
H
Yep,
it
is
cool
people
can
see
now
I
have
to
switch
because
it
immediately
open
in
a
new
tab
when
I
click
the
link
all
right.
So
here
is
the
pull
request.
We
can
see
a
diff
and
then
the
longer
discussion
is
in
the
issue
which
I'll
jump
to
in
a
second.
After
we
talk
about
this.
The
summary
here
is
that
to
propose
make
another
kind
of
concrete
self
freestanding
proposal
on
ways.
We
can
start
linking
objects
in
a
registry
and
even
not
in
the
registry,
as
we
propose
here.
H
This
covers
a
lot
of
the
same
use
cases
as
the
proposal.
I
think
it's
in
the
open
containers,
artifacts
repo
as
a
draft
pr,
but
the
the
real
use
case
is
around
signing
containers.
You
can
build
up
john,
it
gets
excited
because
you
can
do
a
whole
bunch
of
other
cool
stuff
when
you
can
do
linking
this
way,
but
the
real
thing
I
want
to
use
this
for
and
the
reason
I'm
pushing
forward
is
because
we
want
better
support
for
signing
of
containers
and
other
artifacts.
H
H
If
that's
an
issue,
so
I'll
just
go
back
here,
actually,
here's
the
my
proposal
explaining
the
background
how
I
designed
this
goal
of
making
this
as
backwards
compatible
and
as
easy
to
implement
and
as
small
of
a
change
as
possible,
while
still
enabling
all
of
the
use
cases
and
requirements
that
we've
identified
for
signing
of
things.
H
The
link
pr
here
again
shows
the
exact
small
set
of
changes.
There's
some
examples
of
what
this
looks
like
to
try
to
keep
this
minimal.
We
use
the
existing
types
that
we
have
instead
of
making
up
new
types,
so
the
these
references
actually
take
the
form
of
a
descriptor.
H
So
it's
basically
one
new
field
on
image
index
and
descriptor
as
well,
which
is
the
one
that
powers
some
really
complex
use
cases
to
reference.
Another
descriptor,
then
this
is
all
in
one
change
now
to
make
it
kind
of
self-contained.
H
But
this
also
does
propose
one
other
change
to
the
distribution
spec,
which
we
can
turn
into
a
pr
there.
If
we
decide
to
move
this
forward
of
one
new
read
on
the
api
to
get
the
references
associated
with
an
object,
so
most
of
the
stuff
is
in
here
there
is
this
one
extra
change:
we've
discussed
some
of
the
implications
for
registries
and
how
they
might
implement
that
below
got
some
example.
H
There's
also
the
one
main
alternative.
I
considered
that
I
discussed
here
and
why
we
didn't
like
it,
but
there's
a
way
to
do
this,
with
no
changes
to
any
of
the
existing
types,
with
only
some
registry
side
changes
that
would
look
sort
of
like
this,
where
you
would
push
something
by
pushing
it
under
an
existing
reference,
rather
than
pushing
it
to
the
top
level
and
that
works
with
get
and
delete,
and
everything
like
that
too.
H
I
like
this
one
at
first,
but
after
I
thought
about
it
a
little
bit
more
and
talking
to
john,
I
said
the
the
other
one's
probably
cleaner,
even
though
it
does
require
the
type
changes
instead,
so
yeah
feel
free
to
take
a
look
at
these
only
got
them
a
couple
hours
before
the
meeting.
Apologies
for
that,
but
I
did
want
to
get
this
out,
so
we
can
start
discussion
and
figure
out
if
this
is
a
good
path
forward.
D
What
what
do
you
think
your
or
what
are
your
feelings
on
if,
if
garbage
collecting,
if
something
has
references.
H
I,
like
it
john
says
that
we
should
leave
that
up
to
the
registries
to
decide
if
they
want
to
do
some
registers,
don't
even
garbage
collect.
You
know
things
attached
to
tags
when
they
get
deleted.
H
So
I
think
in
general
this
gives
registries
the
information
they
need
to
garbage
collect
if
they
want
to,
but
it's
up
to
them
if
they
want
to
yeah,
because
that.
D
Was
even
something
that
kind
of
stalled
stalled
me
and
a
few
of
us
out
when
we
were
talking
about
like
the
ex
that
extensions
pr
that
I
know
steve
you've
referenced
a
few
times
of
like
adding
these
extensions
that
might
bring
new
references.
You
know
like
pushing
pushing
that
kind
of
decision
all
the
way
back
like
eventually
it's
just
it's
not
an
extension.
It's
a
whole
feature
that
you
have
to
bring
on
or
not
right
like
garbage
collection,
because
I
don't,
I
don't
think
it
should.
D
I
mean
like
they
could,
but
they
don't
think
they
should,
because
it
could
be
that
I
push.
I
might
even
push
a
signature
to
my
repo
that
I
can
address
or
something
that's
in
another
registry
that
I
tested
completely
unlinked.
I
don't
even
have
access
to
push
or
relate
to
that
other
other.
I
don't
have
privileges
to
that.
You
know
ubuntu
image
and
docker
io,
but
I
pushed
it
to
vbats
on
quay
or
whatever
and
saying
like
I
test
attest
to
it
somehow.
H
You're
convincing
me
more
that
john
was
right
and
that
this
text
is
correct.
Registries
are
free
to
implement
garbage
collection,
as
I
see
fit.
That's
how
I
put
it.
I
like.
D
H
You're
completely
right,
though,
I
think
the
the
other
alternative
we
have
here
would
make
it
more
clear.
The
garbage
collection
wouldn't
make
sense,
because
you're
actually
pushing
it
under
something
else,
and
so
yeah
moving
it
to
the
top
level
and
then
saying
you're
free
to
do
whatever
you
want
just
make
it
clear
to
your
users
makes
sense
to
me.
C
C
Right
so
so
there
are
a
couple
I
have
a
couple
like.
I
want
to
bike
shed
this
a
little
bit
points
and,
depending
on
how
that
goes,
this
gets
really
powerful,
but
also
a
little
crazy
like
right
now.
Reference
is
a
is
an
object.
It
is
just
one
thing,
but
why
not?
Let
that
be
a
list
say
and
then
you
can
create
like
arbitrary
trees
of
this
stuff,
really
dags
of
this
stuff.
C
D
C
C
D
C
Go
break
shots
yeah,
the
other.
The
other
point
I
thought
was
interesting
is
that
going
back
to
the
base
image
discussion?
You
know
this
kind
of
works
for
that
right,
so
I
could
push
up
a
some
artifact
that
references
the
image
I
care
about
and
says
like
hey.
These
are
all
of
the
inputs
to
your
build
and
I
could,
instead
of
having
it
embedded
in
the
manifest.
I
could
have
this
external
reference
to
contain
all
that
information
that
I
care
about.
You
might
want
to.
C
A
A
A
We
also
had
another
references
collection
that
could
reference
things
that
were
outside
of
that
repo,
so
that
enables
like
the
helm
chart
to
be
able
to
say
these
images
it
references
you
can
actually
copy
things
across,
but
that's
the
one
that
I
think,
john.
You
push
back
on,
specifically
that
you
didn't
want
to
be
able
to
support
things
cross,
repos,
so
vincent,
that's
kind
of
the
challenge
we've
been
facing
is:
should
you
be
able
to
loosely
reference
something
outside
of
the
image?
A
A
Thing
that
we
should
consider
adding
later
on,
but
I
wanted
to
handle
the
direct
linkage
first
and
then
then
get
into
the
loose
references.
C
So
I
right
so
so
this
pulls
out
some
of
that
in
and
in
a
slightly
different
way.
I
think
so
have
like
this
enables
cross
repository
things.
If
you
really
want
them
right,
so
you
could
have,
because
this
is
effectively
a
weak
reference
to
an
object
right.
You
could
have
in
the
urls
field,
like
hey,
I'm
referencing
this
thing
over
somewhere
else
and
and
that's
a
way
we
already
do
that
today
to
to
reference
objects,
not
in
the
same
link
base.
C
So
that's
like
composing,
two
properties
of
a
descriptor
to
achieve
a
very
complicated
thing,
which
is
you
know,
multi-repository
artifacts,
but
so
the
my
problem
with
that
mostly
was
like.
If
you
expect
a
registry
to
maintain
some
that
relationship
across
repository
boundaries,
that's
really
complicated.
But
if
you
let
the
registry
say
like
oh
a
reference,
you
know
I'm
not
going
to
count
these
weak
references
as,
like.
C
You
know,
pinning
garbage
collection
stuff.
This
gives
you
a
different
kind
of
descriptor
that
can
have
different
properties
within
the
registry,
and
so
I
think
this
solves
that
in
a
little
and
kind
of.
F
A
So
so
it's
not
just
the
weak
and
strong
connotation.
It's
the
downward
or
upward
reference,
also
kind
of
thing
like
a
manifest
that
has
layers.
None
of
those
aren't
just
strong
references,
because
that's
the
thing
that
defines
the
thing
right,
like
a
manifest,
has
to
have
layers
in
it
before
the
manifest
can
be
uploaded.
A
The
the
thing
that
we're
trying
to
do
with
the
s-bombs
and
signatures
is,
I
can
upload
things
after
it's
been
in
a
registry,
so
you
similar
to
a
manifest,
can't
be
accepted
until
the
blobs
have
been
accepted.
You
want
to
make
sure
that
the
thing
that
you're
referencing,
whether
it
be
through
a
references,
collection
or
manifest
collection,
you
want
to
say
whether
that
thing
must
exist
before
it
to
be
accepted
or
it
can
exist
before
it's
accepted.
And
how
do
you
differentiate?
Those
two.
C
Yeah,
I
think
that's
why
we
want
to
make
it
a
new
field.
So
one
of
my
one
of
my
problems
with
the
current
artifacts
manifest
proposal
is
that
it
reuses
the
manifests
field
to
have
new
semantics,
and
so
I
could
come
up
with
a
bad
registry
implementation
that
considers
those
strong
references,
because
it
looks
a
lot
like
a
manifest
list.
By
putting
this
in
a
separate
thing
and
we
we
can
have
the
freedom
to
define
what
this
field
means,
and
I
I
think
you.
C
This
is
a
weak
reference.
Anything
under
the
reference
field.
That's
a
weak
descriptor,
so
it
it
may
not
exist
in
the
registry
right.
D
F
C
C
F
C
C
Right
right,
and
so
that
so
the
registry
part
is
the
like
backwards,
pointing
part
right.
We
don't
really
need
to
store
new
information
technically
right.
All
of
this
is
in
the
content,
so
you
could
satisfy
an
implementation
of
the
like
index
by
just
crawling
every
single
thing
in
a
repository
and
and
populating
it
as
you
need,
but
yeah.
What
I
was
talking
about
earlier
was
the
content
referenced
by
the
reference
descriptor
and
not
the
containing
descriptor
may
not
be
present
in
a
repository.
F
C
Yeah
and
so
the
what
gets
tricky
is
like
what
you
know
populating
the
response
from
the
registry.
When
you
ask
it
hey
tell
me
every
manifest
that
references
this
subject,
that's
hard
right.
Most
of
the
hard
part
is
there,
but
deciding
on
how
we
express
that
relationship
in
the
format
is
what
we
want
to
accomplish
here.
I
think
but
yeah.
A
Reverse
lookup
thing
is
basically
you're,
not
looking
for
a
specific
signature
per
se
you're
looking
for
an
artifact
that
the
wordpress
image
and
does
it
have
a
signature.
So
it's
you
kind
of
you
want
to
start
with
the
wordpress
image
and
then
decide.
Does
it
have
a
specific
signature
that
allows
you
to
pull
it,
and
that's
the
reverse
link
api
that
the
registries
don't
support
today.
It
knows
how
to
find
an
image
and
the
layers
for
that
image.
It
doesn't
know
how
to
excuse
me
find
other
artifacts
that
are
referencing.
C
Here,
yeah,
so
the
yeah,
so
at
the
end
of
the
day,
what
we
want
is,
I
want
to
ask:
hey
docker
hub,
tell
me
every
single
thing
that
references
ubuntu
and
when
I
say
references
I
mean,
has
embedded
in
it.
This
reference,
descriptor
and
so
registries
now
are
obligated
to
index
the
stuff
right,
and
so
that's
a
big
change.
But
if
we
all
agree
on
it
and
we
all
implement
it,
then
wow
we've
got
this
magical
thing.
A
A
The
the
challenge
that
we've
been
facing
we
went
through
this
with
the
artifacts
is:
what
can
we
change
in
the
manifest
as
it
exists
today,
because
there's
not
good
versioning
and
everybody
was
like
super
nervous
about
making
changes
to
image
manifest
and
image
index,
so
the
what
all?
What
the
the
only
real
difference,
I'm
seeing
here
in
addition
to
the
fact
that
it's
a
collection
or
single,
is
whether
we're
changing
the
existing
manifest
or
we're
adding
a
new
manifest,
so
that
there's
no
breaking
changes
to
the
tooling.
That's
already
using
this
today.
C
So
I
think
I
think
you
and
I
are
getting
tripped
up
over
incompatible
terminology
where
there's
a
difference
between
something
that's
backwards
compatible
and
something
that
is
a
breaking
change.
I
prefer
if
we
can
make
backwards,
compatible
changes,
but
I
refuse
to
make
breaking
changes
and
I
don't
think
that
this
is
a
breaking
change.
C
This
is
a
backwards,
incompatible,
change
right,
because
regis
clients
now
have
to
do
new
things,
but
it
doesn't
break
existing
behavior
in
any
way.
That's
purely.
A
When
we
added
the
artifacts,
when
we
proposed
that
an
artifact
type
property
to
the
manifest
or
some
other
things
so
like
derek-
should
be
here
for
some
of
these
other
conversations
which
they
don't
see
them
here.
But
that
was
explicitly
why
we
didn't
go
down
that
path
and
why
we've
been
going
down
a
new,
manifest
proposal.
C
A
Yeah,
I
think
anybody's
proposing.
Well,
I
think,
that's
the
argument
for
this
is
that
the
schemas
today,
don't
the
clients
today
would
not
work
well
when
new
elements
show
up
in
the
manifest.
I
didn't
think
that
that
should
be
a
change.
I
mean
anything
should
be
able
to
ignore
new
properties.
That
would
be
my
argument.
A
That's
that
way
I
would
expect
to
write
code,
but
apparently
enough,
clients
today
that
didn't
handle
that
well,
and
there
was
a
huge
concern
around
that,
which
is
why
we
wound
up
using
the
config,
the
manifest
config
media
type,
because
there
was
no
comfort
in
adding
another
property
because
it
is
additive.
I
completely
agree
with
you,
but
that's
that's
how
we
wound
up
where
we
did,
because
there
was
no
comfort
in
that.
A
The
same
reason,
why
that's-
and
that
is
the
reason
why
we've
got
a
new
manifesto-
that's
not
breaking
it
is
additive,
and
it
gives
us
the
opportunity
to
be
very
definitive
around
the
rules
around
delete
and
reference
counting
the
manifest
collection
which
again
we
can
name
anything.
We
want
the
reason
it's
a
manifest.
Collection
is
because
it
is
referencing
manifests
as
opposed
to
blobs,
and
we
can
then
define
semantics
if
it
references
a
manifest
that
it
doesn't
have
a
tag
it
should
get
deleted.
A
If
it
has
a
tag,
it
gets
ref
counted
and
it
can
still
be
there.
It
allows
us
to
give
us
those
same
semantics
and-
and
there
is
a
collection
because
we
felt
like
while
we
don't
have
a
more
than
one
scenario
yet
there's
we
want
to
make
sure
that
we
can
add
a
more
than
one
scenario
and
then
the
links
api,
we're
basically
saying
the
same.
C
Thing
yeah
there's.
I
don't
think
we
have
time
to
really
dig
in.
I
have
opinions,
but
I
yeah
I
would
like
feedback
on
this
and
please
bike
shed,
especially
things
that
I
want
a
bike
shed
like.
Should
this
be
a
list?
Is
there
a
better
name
than
reference?
I
came
up
with
subject
or
subjects.
I
think
that
might
that's
maybe
more
specific,
but
I'd
would
love
to
continue
this
discussion
on
the
pr
or
the
issue.
A
Yeah
we're
at
three
just
reminder:
please
get
things
in
the
hack
docs,
so
we
people
can
plan
appropriately
for
their
schedule.
It's
this.
We
we're
gonna,
cancel
and
showed
up
last
minute,
so
I
don't
know
if
that's
why
we
have
fewer
people
today.
So
thanks
folks,
we'll
pick
it
up
and
watch
the
recording
and
we'll
pick
up
next
week.