►
From YouTube: OCI Weekly Discussion - 2021-06-16
Description
Recording from the OCI weekly developer's call; agenda/notes here: https://hackmd.io/El8Dd2xrTlCaCG59ns5cwg?view#June-16-2021
A
I
think
we
have
probably
about
as
many
as
we're
going
to
get
did
you
want
to
go
ahead
and
finish
up
your
discussion,
we're
on
automatic
content,
discovery.
B
And
I
wanted
to
see
if
people
had
anything
more
to
say
or
you
know
whatever.
B
Sure
I
mean
I
don't
think
that
presenting
the
thing
is
necessarily
the
most
best
idea,
just
because
it's
a
lot
of
text,
but
I
guess
restate.
The
original
issue
was
described
as
a
mechanism
to
deduplicate
uploads
in
a
registry
between
repositories,
because
what
we
found
is
there
are
many
common
layers
between
our
repositories
that
end
up
getting
duplicate
uploads
when
we
do
something
in
ubuntu
upgrade,
let's
say.
B
And
this
literally
results
in
you
know
like
a
non-negligible
number
of
redundant
uploads
in
order
to
potentially
avoid
the
situation,
one
idea
might
be
to
go
ahead
and
allow
for
arbitrary
deduplication
or-
and
we
kind
of
had
this
capability
already
in
the
mount
api,
and
there
were
some
ideas.
If,
if
we
could
do
this
in
situation,
we
we
mean
we,
everyone
like
the
oci
community
adrian-
is
that
so
the.
B
Our
very
specific
use
case
is
that
we
have
one
registry
that
people
develop
out
of
and
then
a
bunch
of
registries
people
will
go
ahead
and
deploy
into
so
with
the
cross
mount.
What
happens
is
docker
doesn't
know
or
whatever
the
development
tool
that
we
use
doesn't
know
that
those
other
repositories
have
been
pushed
to
all
those
registries
that
are
the
production
registries,
so
it
can't.
It
doesn't
know
that
it
can
do
a
crossbow
here
and
in
this
situation
we
were
like.
B
Is
there
a
way
to
do
this
safely
in
a
way
that's
secure
where
there
is
an
access
model
that
has
well
any
kind
of
access
model
right,
any
kind
of
access
restrictions
between
repositories,
especially
without
disclosure,
right
of
security
information.
B
D
B
B
In
the
pr
it
is
fine
and
they
commit
to
strongly
suggest
that
users
do
not
do
this
in
a
security
model
where
they
are
trying
to
keep
the
knowledge
of
blobs
confidential
between
different
repositories
or.
B
Yeah
yeah,
exactly
if
I
mean
you
can
do
this
with
any
offset
authentication
authorization
model
in
theory
that
I
know
of,
but
it's
just
really
ugly
to
do
it
and
maintain
100
confidentiality.
E
E
So
we
know
that
those
are
always
accessible,
and
so
we
can
look
those
up
and
we
don't
care
to
leak,
the
information
that
they
do
or
do
not
exist
because
we're
only
looking
in
these
public
spaces,
and
so
this
this
lets
us
short
circuit
like
lots
and
lots
of
traffic.
That
would
otherwise
have
to
be
uploaded
for
a
thing,
that's
known
public
and
is
easily
accessible.
So
I
think
that's
a
kind
of
similar
application.
You
don't
have
to
think
about
the
overall
registry
auth
model.
If
you
have
any
concept
of
like
public
things,.
A
E
E
B
I
think
that
there
might
also
be
a
small
bug,
it's
unrelated
to
this,
where,
if
the
blob
exists,
it
doesn't
give
a
201
but
that's
unrelated
to
this,
but
it
should
give
a
201
if
it
already
exists
from
in.
In
that
specific
repository.
A
B
So
I
mean
there's
test
cases
in
the
attached
reference
implementation-
it's
not
plumbed
through
to
the
outside
configuration
of
docker
distribution,
which
I
can
do
if
you
want,
but.
A
B
I
mean
we'd
certainly
want
so
it
seems
like
there's
two
this
I
don't
know
if
the
conformance
test
is
actually
very
good
on
this.
We
would
want
to
add
this
to
the
conformance
tests,
but
we
shouldn't
need
to
like
we
should.
We
should
add
the
does.
The
blob
already
exist
to
the
conformance
tests,
but
I
think
that
is
a
unrelated
point
to
the
pr
or
to
get
the
vr.
C
B
Yeah
I
mean
the
first
step
would
be
to
get
this
merged
into
the
distribution
spec.
Getting
this
into
docker
distribution
should
be
relatively
easy.
I
mean
other
than
the
fact
there's
like
one
one
person
reviewing
pr
as
it
seems
and
there's
a
massive
backup
of
yours
but
the
clients.
You
know.
B
If
you
go
ahead
and
merge
this
into
the
spec,
the
client
should
be
able
to
adopt
it
like
tomorrow,
and
the
fallback
behavior
based
on
the
specification
should
always
had
like
be
okay
with
registries
that
don't
implement
the
new
capability.
E
Yeah,
but
my
only
concern
with
rollout
there
is
like
I
expect
some
registry
returns
of
4xx
in
this
case.
Really
you
didn't
supply
from
so
I'm
going
to
bail,
so
a
client
may
need
some.
You
know
ideally
right.
Everyone
adopts
this
method
right
because
we
can
collapse
the
an
existence
check
and
like
an
opportunistic
deduplication
and
the
you
know,
I'm
going
to
start
uploading
requests
all
into
one.
So
we
get
rid
of
all
these
round
trips,
which
is
great.
But
for
that
to
happen,
registries
must
return
the
correct
thing.
E
E
B
Fails
to
upload,
you
know
202,
but,
yes,
the
clients
might
have
to
handle
bad
registries
and
it
turns
out.
I
tried
to
implement
this
in
a
different
registry.
They
did
not
correctly
implement
the
fallback
behavior
for
the
front
mount
so
hence
I
went
to
distribution
instead.
A
E
It
might
be
nice
to
write
up-
maybe
not
as
part
of
the
pr
but
like
how
we
expect
the
sequencing
of
rollout
to
work.
B
Commit
git
commit
please,
because
github
is
not
super
great.
F
Floor
yeah
vincent
had
image,
spec
issue
pr
grooming,
so.
I
Come
up
and,
like
literally,
was
in
the
car
trying
to
download
zoom
and
get
it
on
my
phone
again,
so
I
might
have
to
put
that
put
that
off
to
an
actual
meeting
like
I
said
I
would
last
week,
but
I
got
I
got
a
couple
of
folks.
You
know
asked
if
I
wanted
to
do
any
kind
of
q
a
on
the
throwing
the
flag
email
that
I
did
and
then
it
might
just
roll
into
the
kind
of
grooming
piece.
I
But
I
try
my
best
to
be
clear
sometimes,
but
if
the
email
was
confusing
to
anybody,
I'm
welcome
to
take
any
questions
right
now,
but
hopefully
the
biggest
thing
is
that
finding
a
way
forward
for
all
the
folks
that
are
involved
and
people
who
consider
themselves
lurking
or
otherwise
bystanders
that
we're
in
agreement
that
there
there
are
some
changes
that
are
needed.
I
There
are
like
existing
things
that
we
defend
and
the
you
know
have
defended
in
the
distribution
and
image
spec,
and
otherwise
that
we're
working
towards
kind
of
a
common
goal
of
having
ways
to
work
with
all
these
different
artifacts
and
that
everybody's
on
the
same
page.
But.
H
I
F
G
It
seems
to
me
that
well
so
I
I'm
not
speaking
for
dan,
but
it
seems
to
me
that
the
purpose
that
what
he
was
trying
to
accomplish
with
his
proposal,
which
is
to
add
references,
was
a
minimal
change
to
the
spec.
I
It's
a
good
question,
so
the
the
focus
would
be-
and
I
think
that's
where,
like
there
are
aspects
of
references
in
some
of
the
threads
that
are
happening
and
even
like
branches
that
are
happening
in
the
artifacts
repo
to
try
and
tease
out
what
that
would
look
like
and
possibly
even
proof
of
concepts
in
different.
You
know,
forks
of
the
distribution
registry.
I
Code,
but
they
they're
they're
large,
and
I
think
one
of
the
big
things
that
we
need
to
all
the
maintainers
to
be
on
the
same
page
about
is
kind
of
decomposing,
those
and
breaking
them
down
into
incremental
pieces
so
that
it
doesn't
look
like
a
substantially
different
kind
of
spec,
and
so
it
is
my
fault
that
we're
all
on
the
same
page
as
that,
some
of
these,
like
incremental
pieces,
where
we
can
focus
on
maybe
the
references
aspect
of
it
or
making
certain
things
more,
generic
or
not,
really
generic.
I
It's
still
incremental
pieces,
like
the
references
conversation
such
that
they
can
work
their
way
back
into
the
existing
spec
and
effectively
have
you
know
some
amount
of
like
not
breaking
existing
clients,
but
having
like
forward
compatibility
as
well,
and
that
those
kind
of
things
just
take
a
level
of
review
and
sometimes
even
a
review
of
a
proof
of
concept
that
effectively
they're
small
enough
or
even
this
is.
This
is
something
that
you
know.
Historically,
even
we
got
into
nitpicky
like.
Would
this
be
a
v
a
v
one
dot
o
dot?
I
You
know
next,
or
would
it
be
like
a
v
1.1
where
you
could?
You
know,
like
semantic?
Versioning,
really
doesn't
work
well
in
the
spec
sense,
but
if
it's
like
small
and
incremental
enough,
but
it
basically
bolts
on
to
what
we
already
have
in
here's
it
board,
then
I
think
that's
fine
again
I
the
spec
is
not
frozen.
You
know
I
can
speak
with
whatever
authority
being
just
one
of
the
maintainers,
but
the
spec
is
not
frozen.
I
It
just
has
to
have
enough
review
of
the
folks
that
have
you
know
kind
of
like
maintainership
of
it
and
otherwise
they're
involved
to
say
yeah,
that's
an
incremental
change
and
we
can
like
slowly
add
out
this
feature
set
without
breaking
what
we
already
have
in
production,
and
it
also
enables
us
for
future
use
cases.
G
G
Oh,
I
have
actually,
I
have
a
follow-up.
I
forgot
to
sorry
so
so
vincent
does
that
do
those
conversations
happen
in
these
meetings
or
is
there
going
to
be
a
separate
forum
for
it.
I
I
I
think
the
thing
that
we
all
should
you
know
work
towards
is
maybe
not
brevity,
but
just
at
least
clarity
of
like
how
here's,
how
the
work's
evolving,
if
it's
not
all
in
one
issue,
on
a
github
issue
like
if
it
ends
up
having
to
track
out
the
different
conversations
and
they're
related,
maybe
it's
time
for
a
doc
or
something
else
if
they
can
be
one-off
conversations
in
a
and
you
know
just
working
something
through
through
asynchronous
stuff,
like
email
or
slack.
That's
fine.
I
I
love
in
person
conversations
like
there's
there's
times
when
these
kind
of
chats
are
necessary
just
to
work
through
specific
topics
or
at
least
give
time
to
something
that
isn't
working
in
you
know
github
prs
and
issues,
and
historically
we
found
that
you
know
like
sometimes
things
were
just
happening
completely
on
github
issues,
and
that
was
fine.
Sometimes
they
bubbled
up
into
the
general
call,
and
sometimes
we
just
had
to
set
aside
times
for
like
this
is
kind
of
like
an
image
that
call,
or
you
know,
run
time.
I
Spec
call
you
know
back
in
the
day,
I
was
like.
No
other
maintainers
really
need
to
worry
about
joining.
If
you
don't
want
to
it's,
not
a
general
call
but
anybody's
invited
to
sit
and
participate
if
they're
interested
in
that
particular
topic,
and
sometimes
those
are
very,
very
useful.
Just
like
really
work
on
this.
You
know
certain
agenda
so
really
whatever
works
best.
A
Yeah,
I
prefer
if
we
could
get
together,
maybe
maybe
that
can't
happen
yeah,
but
that
would
be
nice.
You
know
one
thing
we
could
do
vince,
I
don't
know
we
think
we
could.
We
could
split
this
call
up
into,
and
you
know
every
other
week
is
specifically
targeting
dot
one
extensions
in
this
kind
of
area
or
some
other
scheduled.
You
know,
pre
pre-decided,
you
know
plan
we
another.
Let's
use
this
call
next
week
to
talk
about.
I
I
I
If
we
do,
you
know,
determine
like
this
is
fundamentally
different.
It
needs
to
be
a
v2
that
doesn't
mean
that,
like
like,
I
don't
want
to
increase
the
burden
on
folks
like
that
is
keep
things
as
incremental
as
possible,
and
that
just
takes
actually
some
amount
of
consensus
and
sometimes
like
going
back
and
reworking
something
reworking.
I
I
It
didn't
happen
on
the
open
channel,
even
though
I
just
said
you
know,
but
that,
but
it
was
kind
of
interesting
because,
like
steven
day
was
piping
in
he's
not
always
very
active,
but
at
least
like
go
brainstorms
and
stuff
and
he
was
citing
some
of
the
pr's
from
like
back
in
2014
2015
era
of
some
of
the
same
stuff
that
we've
like
iterated
on
and
like
the
same
kind
of
proposals
that
had
different
different
threads
and
we
almost
reached
consensus
before
other
things
happen,
and
it's
it's
so
it's
like.
I
None
of
these
are
new
ideas,
and
I
think
we've
got
enough
lessons
learned.
We
just
actually
have
to
get
down
to
actually
the
technical,
technical
details.
You
know
implications
of
it
and
just
work
through
it.
Incrementally
I
think
that's
that's
the
best
way
forward.
A
I
A
Yeah
I
mean
you
need
you
need
an
initial
meeting
to
decide
the
cages.
You
know
meeting
for
a
meeting
right,
but
I
think
that's
what
people
are
asking
for.
I
think
I
wasn't
the
only
person
what
I
think
that
might
be
what
niche,
what
what's
that
next
step?
How
how
is
it
going
to
happen?
Where
is
going
to
happen
some
somehow
that
has
to
happen
right,
decide
where
we're
going
to
be
discussing
this.
G
A
I
Sometimes
sometimes
the
inverse
happens
where
we
have
really
good
discussion
and
not
enough
maintainers
on
the
call
and
that's
frustrating.
A
J
Yeah,
I'm
kind
of
curious
like
how
does
this
change
the
sort
of
working
group
model
that
we've
been
talking
about,
because
that
that
seems
like
a
solution
that
was
also
designed
to
address
that
same
thing.
It's.
I
Almost
in
the
same
vein
of
it,
because
I
think
some
of
the
some
of
the
pieces
that
we're
trying
to
reconcile
is
that
even
like
with
the
artifacts
working
group
and
some
of
these
pr's
that
become
kind
of
proposals
proposal
level
like
what
to
what
extent
is
you
know
a
proposal
affecting
multiple
specs
and
or
is
it
a
breaking
change,
or
what
not
like
ensuring
that
something
has
that
kind
of
level
of
review
was
part
of
the
problem?
I
We
recently
had
a
t.o.b
call
about
putting
in
a
working
group
model,
so
it's
all
in
the
same
vein.
It's
just,
I
think
part
of
this
is
even
going
to
be
kind
of
like
retroactively,
saying
like
this
actually
should
have
had
better
scoping
or
review
or
whatnot.
What
was
the
success
and
all
this
kind
of
stuff,
so
that's
kind
of
a
growth
pain
that
we'll
have
to
just
go
back
and
kind
of
figure
that
out
what
would
have
been
success,
criteria
and
otherwise
and
making
sure
that
all
the
things
were
reconciled.
I
The
working
group-
I
just
chatted
with
amy,
scored
apparent
this
afternoon
when
I,
when
you
talk
when
asking
about
the
subject
line,
email
anyhow,
she
said
that
there
is
they
from
the
tob
call
we
had,
they
had
sent
off
and
gotten
some
like
working
group.
You
know,
wording
put
together
and
there's
a
few
like
feedback
that
we
have
on
that.
She's
got
some
updates
to
post.
We
should
have
something
official
about
the
like
working
group
model
in
general.
I
J
I
don't
know
if
other
people
feel
this
way,
but
one
of
the
things
that
I
have
been
struggling
with
finding
a
place
to
contribute
where
it
seems
like
we
have
several
prs
that
have
been
proposed,
but
then
there's
no
real
place
for
the
respective
owners
of
those
prs
and
other
people
who
are
interested
to
actually
iterate
on
anything.
And
so
instead,
we
just
kind
of
make
comments
and
you
know
have
dm
conversations
and
then
cause
you
all
to
have
to
send
emails
and
be
nice
to
get
a
place
where
we
can.
J
You
know
iterate
on
the
on
the
proposal
that
allows
us
all
to
merge
onto
something
that
doesn't
necessarily
mean
that
we
have
like
made
anything
final.
Yet.
F
Yeah
I
mean
I
yeah.
I
definitely
think
part
of
working
groups
is,
is
establishing
a
more
formal
way
for
that
to
happen,
but
I
think
you
know,
even
in
the
discussion
we
were
just
having
about
meeting
who
needs
to
be
there
like.
I
think
the
interesting
twist
is
that
what's
being
worked
on
today
is
not
like
a
single
change
to
a
single
thing.
F
F
F
You
know
create
scripts,
to
pull
all
the
right
things
and
build
it
and
test
it,
but
yeah,
I
think
that's
one
of
the
one
of
the
complexities
of
like
not
making
a
ton
of
progress
here
is,
like
you
said,
michael,
like
it's
not
having
that
kind
of
centralized
like
hey.
This
is
our
playground.
While
we
like
figure
out,
if
these
proposals
make
sense
or
work
together
or
break.
H
F
F
Yeah,
like
like
vincent
said,
like
you
know,
not
not
to
throw
lawyers
under
the
bus,
but,
like
you
know,
we
want
to
bring
that
to
reality
as
soon
as
we
can
it's,
but
you
know
we've
vincent
and
I
both
talked
to
amy,
and
you
know
we
need
the
next
respin
of
that
language.
So
hopefully
we
can
finalize
it
and
vote
on
it
and
it's
obviously
taken
longer
than
what
we
had
hoped
to
bring
it
about.
A
I
All
right,
good
questions,
everybody!
I
don't
have
anything
else
to
add
right
now,
so
I'm
not.
I
If
you
do
have
any
questions,
you
can
think
me
on
the
general
channel
or
otherwise.
So
I'm
happy
to
do
literally
whatever
it
takes
to
keep
things
rolling,
and
it
really
is
a
reminder
that,
like
it's
it's
funny,
even
when
oci
was
getting
formed
and
back
in
the
days
of
like
cncs
and
like
people
wanting
to
ensure
that
there
was
like
a
governance
model
or
in
place
or
otherwise
and
having
opinions
in
both
directions.
I
That
one
of
the
things
that
oci
was
literally
founded
on
was
a
very
a
very
open
governance
model
and
ensuring
that
no
one
company
or
whatever,
have
too
much
of
a
sway.
And
you
know
it's
in
times
been
cumbersome,
and
it's
also
meant
that
decisions
really
did
require
more
of
a
consensus
than
ever
before.
And
I
think
I
think
we
see
that
in
some
sometimes
people
say
it's
like
hard
to
come
to
a
decision
or
whatever
in
oci
but
to
the
other
side.
I
Other
token,
like
it
was
also
put
that
way
to
protect
that
there
would
be
particular
players
get
in
and
swing
it
one
way
or
the
other
and
we've
seen
that
and
it's
like
been
the
benefit
of
it.
So
you
know
the
lawyers
under
the
bus
they've
helped
us
with
good
wording
and
we've
actually
been
able
to
hold
up
pretty
true
to
that.
I
think
the
community
is
the
better
for
it.
So
I'm
glad
you're
all
here
and
asking
questions
and
we'll
continue
carrying
it
all
forward.
D
Sure
yeah
we
can,
can
you
discuss
that
yeah,
I'm
just
going
through
so
there's
a
this
change
also
should
affect
the
detail.md
and
I'm
just
trying
to
think
of.
If
we
were
going
to
add
an
faq,
I
think
it
might
be
worthy
of
it.
Considering
it's
like
a
point:
release
change.
D
D
B
Think
it's
okay
to
add
to
the
faq
and
be
like:
don't
do
this
if
you're
doing
security
and
you
care
all
about
confidentiality
and
here's.
Why.
D
Yeah
I
mean
yeah
you're
right.
Those
are
two
scary
words
to
put
in
there
but
yeah.
I
think
that
the
faq
is
kind
of
designed
to
be
to
help
implementers
a
little
bit
so
kind
of
like
an
implementer's
guide,
so
yeah.
We
don't
need
to
put
that
in
the
official
specification,
which
should
just
be
very.
We
can
be
very
literal
about
what
what
it
does
and
doesn't
do,
including
it.
B
But
I
I
guess
the
faq
would
be
like.
Why
is
this
optional
for
registries
to
implement
and
then
the
answer
would
be
well.
D
B
No,
I
mean,
like
other
code
base
I
develop
on.
It,
turns
out
that
they
don't
have
github
so
yeah
commit
messages,
are
the
go-to,
but
the
I
think
adding
to
the
faq
is
fine.
I
I
and
then
adding
to
the
I
didn't
even
know
about
the
detail
md,
but
I
can
also
add
add
to
that.
Is
that
generated,
or
is
that
written.
D
A
D
I
mean
it's,
it's
basically,
the
similar
wording,
just
I
think,
calling
that
out
as
optional
like
I
don't
know
how
much
I
don't
think
more.
Details
necessarily
need
to
be
out
of
there.
D
B
D
Yeah,
that's
part
of
the
generated
that
was
definitely
because
of
how
they
were
generated
before
but
yeah.
We
can
clean
that.
B
I
I
I
can
fix
this
one
and
then
add
to
the
faq.
I
will
make
the
faq
commit
a
discrete,
commit
and
explain
in
the
commit
message.
Why
not
add
it
to
the
thing,
because
it
turns
out
that
capturing
all
the
nuances
is
fairly
difficult
in
this?
Maybe
a
detail-
or
this
may
be
details
that
are
only
interesting
to
implementers
and
then
I
think
I'll
make
a
different
commit
to
fix
the
detail
first
and
then
in
this
commit
we
can
actually
get
the
detail
with
the
new
terminology.