# The Moby Project Sync Meeting Notes

**Scope:** the purpose of this meeting is to discuss the overall direction of the Moby project, including aspects related to governance, processes, communication, and strategy.

**Meeting link**: https://docker.zoom.us/j/99023313574

**Date:** Weekly on Monday at 18:30 (GMT)

----

## List of Topics to Keep Track

Lower priority topics that we should keep track of and make sure they move forward

| Topic/issue | Last update |
| ------------------------------------------ | ----------- |
| Review high-level roadmap | |
| `containerd` multiplatform UX | Feedback needed on [multiplatform UX](https://github.com/moby/moby/issues/44582) |
| improve security management process | Sebastiaan will review the list of owners and admins group before activating the built-in GH features |
| EOL strategy https://github.com/moby/moby/discussions/45841 | Follow-up actions, related PR https://github.com/moby/moby/pull/46772 |

-----

## 2024-07-15

Present: Bruno, Pawel, Cory, Brian, Sebastiaan, Rob

- Follow-up on the authz security issue
  - when are we shipping the fix?
  - define embargo date?

## 2024-07-08

Present: Bruno, Pawel, Cory, Brian, Rob, Tianon

- Moby 27.0.3 released last week. Do we have any outstanding issue?
  - https://github.com/moby/moby/issues/48064#issuecomment-2199937490
  - https://github.com/moby/moby/issues/48116#issuecomment-2214590757
  - https://github.com/moby/moby/issues/48142 probably related to https://github.com/moby/moby/issues/47728
- Plans for Moby 28?
- Cory - security overlayfs: https://github.com/moby/moby/security/advisories/GHSA-gxq6-w78r-55fj we need a second opinion. Experience with overlay filesystems and part of the kernel? https://docs.kernel.org/filesystems/overlayfs.html#nesting-overlayfs-mounts
  - related issue: https://github.com/moby/moby/issues/47962. Security issue or regular bug?
- authz plug waiting for Docker Inc.
to give go-ahead to publish https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq concerns about this Moby vulnerability and severity.
  - Control messaging - it's critical but users may not be impacted. Rachel Taylor invited.
  - Been there two months.
  - Pawel will ping the Security Team.
  - Coordination needed with Mirantis - need a week for heads-up internally. Next week call we set the embargo deadline.
  - Reviewing fix is cherry-picking from an old branch.
  - Docker Inc. Security Team to review the CVSS score

## 2024-06-03

Present: Bruno, Sebastiaan, Cory, Laura, Sam, Derek, Rob, Brian

* Patch release to include security fix for 26.1.4 and CLI fix
* Moby 27 release
  * BK version, what other networking features are we releasing?
  * RC planned for the end of the week. Tracking issue https://github.com/docker/runtime-team/issues/132

## 2024-04-29

Present: Sebastiaan, Bruno, Cory, Brian, Bjorn, Derek, Pawel, Rob, Tianon

* Issues detected on Moby 26.1 released - PRs to be included. New engine today or tomorrow
  * https://github.com/moby/moby/pull/47769
  * https://github.com/moby/moby/pull/47771
* Topics

## 2024-04-22

Present: Bjorn, Sebastiaan, Bruno, Savannah, Tianon, Cory, Rob, Derek, Laura

* docker content trust
* 26.1 release expected today
* Discussion about https://github.com/moby/moby/pull/47724 in Moby 25

## 2024-04-15

Present: Sebastiaan, Pawel, Bruno, Tianon, Cory

* 26.0.1 released with networking fixes
* 26.1 status?
* CLI wrapper

## 2024-03-25

Present: Sebastiaan, Bruno, Rob, Drew, Cory, Tianon, Pawel, Brian, Savannah, Andrey

* Patch for 26 about networking regression
  * ~~Cory comments it may be a red herring?~~ We need to revert
  * there may be another regression with containerd
* Plan about 27 or 26.1 - CLI changes
  * CLI hooks for notifications
  * Allow removal of the CLI wrapper
  * RC planned for next week
  * to be included in April's Docker Desktop release
  * We need to check how compatible are the changes for final version number
* OTEL work merged on CLI
* PR to update the CLI to use compose spec instead of local implementation. Need eyes from Drew

## 2024-04-08

Present: Bruno, Pawel, Sebastiaan

* Moby 26.0.1
  * networking packages to be fixed - working on backporting
  * https://github.com/moby/moby/pull/47677 - review needed from Cory
  * containerd bump with latest patch and regression fix
* Moby 26.1 or 27 - with CLI hooks and OTEL integration improvements
  * Pawel will manage the release
  * Changes will be mostly on the CLI side
  * to be included https://github.com/moby/moby/pull/47679
* Docker Swarm

## 2024-03-18

Present: Bruno, Cory, Rob, Bjorn, Drew, Tianon, Sebastiaan, Sam, Derek, Andrey

* Moby 26, cut final RC today
* Waiting for BK 0.13 planned for today that will be included - fixing regression https://github.com/moby/buildkit/pull/4771

## 2024-03-11

Present:

* Moby 26 RC2 available. the non-tls api deprecation https://github.com/docker/cli/pull/4928
* VEX statements - repository will be created for the statements

## 2024-03-04

Present:

* RC1 ready, tomorrow RC2
* 25 patch release tomorrow for an expected go security release. Desktop (4.29) code freeze on March 22nd
* Security Advisory

## 2024-02-12

Present: Savannah, Bjorn, Bruno, Rob, Pawel, Sam, Tianon, Sebastiaan, Cory, Derek

* Regressions found in the networking area. We will release a Moby 25.0. Issues not perceived as critical for Docker Desktop hence no need to speed the release to fit Desktop cycle.
* Alignment for Moby 26?

## 2024-02-05

Present: Sebastiaan, Sam, Laura, Cory, Derek, Bjorn, Bruno

* Moby 25.03 planned for this week with a few fixes
  * most patches are in.
* Moby 26 planned for release in March
  * first RC end of February
  * RC 2 early March
  * Ship final end of March with Docker Desktop 4.29
  * Should include
    * BK 0.13 - currently at beta 3
      * should be available in the next two weeks
      * need maintainers support to integrate buildkit integration
    * Subvolumes mount
    * networking work - start with ipv6 support
    * improvements on multiplatform images with containerd
    * CLI go modules
  * Pawel will be the person in charge to lead the release
  * need to work on release checklists (both internal and external)

## 2024-01-29

Present: Sebastiaan, Cory, Tianon, Derek, Pawel, Savannah, Brian, Bruno, Sam

* Moby 25 security update
  * Pawel's patches for the classic builder
  * buildkit fixes
  * runc new binaries
  * GHA cannot update to 25
  * What do we do for 24, 23 branches? won't be fixes for CVEs
* 25.03
* Swarm in the cli. Reviews asked for https://github.com/docker/cli/pull/4259 and https://github.com/docker/cli/pull/4258

## 2024-01-22

Present: Savannah, Sebastiaan, Rob, Tianon, Cory, Pawel, Sam, Brian

* Moby 25 is out. Any signal of regressions?
* Moby 25.0.1 fix for MAC-address: https://github.com/moby/moby/pull/47168
* Moby 26? Target Q2, ideally in March
  * New features:
    * OTEL for the CLI
    * subvolumes mount
    * BK update
  * Articulation of user value for Moby 26?
* Should we talk about Moby 27?
  * ipv6
  * go-modules support
  * authentication and mirrors support for registry
  * buildkit as separate daemon

## 2024-01-08

Present: Cory, Savannah, Rob, Tianon, Derek, Brian

* Any objection releasing Moby 25?
* Moby 26 feature candidates
  * Volumes submount work from Pawel
  * OTEL integration in the CLI
  * BuildKit update
  * containerd 1.7? 2.0?
* After 26 - decouple Buildkit, go.mod
* Important note from Cory: in case we ship two binaries make sure we show the version in `info` and `output` commands

## 2023-12-18

Present: Djordje, Bruno, Cory, Sebastiaan, Rob, Derek, Tianon, Albin

* Topics:
  * Slack community has been down
  * Networking POC demo from Cory
  * what we will do with daemon upgrades with changes on live-reloading disk state
  * New recurring call dedicated to networking topics on Tuesday 6pm UTC starting from Jan 2nd

## 2023-12-11

Present: Derek, Sebastiaan, Cory, Tianon, Rob

* Topics:
  * OTEL
    * Sebastiaan's Draft PR is green! https://github.com/moby/moby/pull/46830
  * BETA
  * API Versioning from Cory https://github.com/moby/moby/issues/46890
  * Open SSF
  * Review cadence of beta releases
  * Raise need for specific call around networking improvements between Docker and other maintainers/companies
    * Gather interested parties
    * Coordinating efforts and timelines and avoid efforts duplication
  * Albin and Rob
    * Sync on progress/status on release branches docs

## 2023-11-27

Present: Rob, Sebastiaan, Sam, Pawel, Cory, Derek, Tianon

* Topics:
  * OTEL issue need help https://github.com/moby/moby/pull/46830
  * Also this one about documentation need review: https://github.com/moby/moby/pull/46772

## 2023-11-20

Present: Sebastiaan, Derek, Bjorn, Brian

* Topics:
  * OTEL issue https://github.com/moby/moby/pull/46830

## 2023-11-13

Present: Brian, Rob, Bruno, Sam

* Topics:
  * Moby 25 beta kicked
  * Changing the time of the Moby sync meeting - now 30 mins later at Mon 7pm UTC

## 2023-11-06

Present: Bjorn, Sebastiaan, Bruno, Cory

* Topics:
  * Review https://github.com/moby/moby/pull/46772

## 2023-10-30

Present: Brian, Sebastiaan, Bruno, Joseph, Derek, Cory, Brian, Albin, Derek

* Topics:
  * 24.07 released
  * 25 beta will start this week
  * Need for a lifecycle document on the Moby project describing branches, purpose and level of support.
## 2023-10-23

Present: Djordje, Sebastiaan, Cory, Sam, Joseph, Brian, Derek

* Topics
  * 20.10, 23 patch releases
  * Moby 25 beta this week?
  * What are next steps to move from beta to GA?

## 2023-10-16

* Topics:
  * Moby 25 beta - almost there. PRs pending:
    * https://github.com/moby/moby/pull/46646
    * https://github.com/moby/moby/pull/46645
  * Warming up the release pipeline
  * Adding support for verifying Notary v2-signed images to Moby?
  * Security

## 2023-10-09

Present: Bjorn, Albin, Brian, Derek

* Topics:
  * Moby 25 - Pretty close for release. Registry mirror issue discovered by Pawel. We will start with a beta
  * Pawel's PR (volumes submount)
  * BuildKit patch release
  * Network security model?

## 2023-09-18

Present: Bjorn, Djordje, Pawel, Sebastiaan, Albin, Derek, Cory, Bruno

* Topics:
  * Moby 25 release https://github.com/moby/moby/issues/45926:
    * Status and risks releasing before DockerCon?
    * Release quality talk
    * health start interval surfacing on Swarm's CLI. Follow-up with Drew?
    * BK 0.12 PR mostly ready
    * Need release notes - test plan for manual testing.
  * Security patches follow-up
  * Volumes submount PR review - still need review
    * https://github.com/moby/moby/pull/45687

## 2023-09-11

Present: Bjorn, Sebastiaan, Joseph, Albin, Pawel, Derek, Sam

* Topics
  * Moby 25.0 status.
Looking at shipping with Docker Desktop 4.24 release (code freeze Sep 22nd)
    * https://github.com/moby/moby/issues/45926
  * Discuss need how to add external security people on the Moby project
  * Open security issues
  * Pawel's PR (volumes sub path)
    * https://github.com/moby/moby/pull/45687

## 2023-08-21

Present: Sebastiaan, Bjorn, Joseph, Derek, Bruno, Cory, Djordje, Pawel, Brian, Andrey

* Topics
  * 24.06, 25.0 status
    * unblocking release pipeline
    * 25.0 depending on BuildKit 0.12
  * OTEL changes submitted by Brian
  * CLI RRO
  * Reviews appreciated on Pawel's submount: https://github.com/moby/moby/pull/45687
  * Rename master branch to main
  * Security issues

## 2023-08-21

Present: Sebastiaan, Bjorn, Joseph, Derek, Bruno

## 2023-08-07

Present: Sam, Sebastiaan, Bruno, Albin, Brian

* Topics
  * Reviewing status on Moby 25.0.
    * Pending buildkit 0.12 update
  * Moving containerd out of experimental, mostly missing `docker push` not working for multiplatform images

## 2023-07-24

Present: Bjorn, Sebastiaan, Bruno, Albin, Cory, Tianon, Brian, Pawel, Laura

* Topics:
  * Moby 24.0.5 release
  * Moby 25.0 status - aiming RC end of the week.
  * Request for Comments of Djordje's document on the multiplatform API with containerd https://hackmd.io/@rumpl/moby-multi-platform-images-api

## 2023-07-17

Present: Djordje, Bjorn, Sebastiaan, Sam, Brian, Tianon, Pawel, Cory, Andrey, Bruno, Laura, Andrey

* Topics:
  * 25 release tracking issue: https://github.com/moby/moby/issues/45926
  * containerd - recurring meetings to further develop vision and strategize
  * Djordje prepared a document about multiplatform support. Comments are welcome: https://hackmd.io/@rumpl/moby-multi-platform-images-api

## 2023-07-10

Present: Sebastiaan, Albin, Bruno, Cory, Bjorn, Tianon

* Topics:
  * 24.04 release
  * 25.0 release to ship with Docker Desktop 4.22 shipping on July 27th - Create issue on Github to track 25.0 release
  * buildkit update
  * rro CLI/API
  * CDI library version (experimental?)
  * (soft) capability bits follow-up
  * health start interval
  * I'd like to get otel in, just need to figure out how I'm going to handle tests that are looking at goroutines in the daemon.
    * https://github.com/moby/moby/pull/45906
  * Bjorn to create a tracking issue for Moby 25 release
  * When can we expect an RC? Particular needs for testing? Release notes?
  * https://github.com/moby/moby/pull/45900 not considered a release blocker for 25. Would be ideal receiving contributions for community.

## 2023-07-03

Present: Djordje, Brian, Sebastiaan, Sam, Bjorn, Tianon

* Topics:
  * 24.03 patch release today
  * 25 RC and attempt Moby 25 mid July to ship in Docker Desktop in July 21st - updating buildkit
  * otel thread https://dockercommunity.slack.com/archives/G2UH8LB5Y/p1688398602328699
  * Discuss EOL strategy https://github.com/moby/moby/discussions/45841

## 2023-05-22

Present: Bjorn, Djordje, Bruno, Tianon, Pawel, Sebastiaan

* Topics:
  * Apono status - Cory to follow-up
  * Moby high level roadmap
    * review existing roadmap.md - who is working on what. What topics have user demand?
  * We need a file that reports the maintenance status of branches https://github.com/moby/moby/blob/master/project/BRANCHES-AND-TAGS.md
  * We should start a HackMd with painpoints around security handling in GH: https://hackmd.io/@neersighted/HkC0jQFB2

## 2023-05-08

Present: Cory, Bruno, Andrey, Laura, Tianon, Bjorn

* Topics:
  * Discussion about: https://dockercommunity.slack.com/archives/G2UH8LB5Y/p1683487302356429 no reason to not tag with v25 - acknowledging it's not best practice and is a temporary hack. However more thought needed to navigate through the go modules adoption.
  * Release side: Mirantis did QA one commit behind 20.10.
Wondering if anyone is against tagging one commit behind
  * Issue flagged for discussion: https://github.com/moby/moby/issues/45454

## 2023-04-24

Present: Tianon, Bruno, Cory, Pawel, Djordje, Albin, Sam, Brian

* Topics:
  * Status of Moby 24 release
  * A significant number of PRs in the 24.0 milestone which do not seem necessary for the release. We need cleaning: https://github.com/moby/moby/milestone/103
  * Albin proposing a new list of labels for networking issues: https://dockercommunity.slack.com/archives/G2UH8LB5Y/p1682355562363269

## 2023-04-17

Present: Bruno, Sebastiaan, Cory, Djordje, Albin, Tianon, Pawel, Brian

* Topics:
  * Moby 23.04 status. Releases 23.04 beta two. Should we push to production and tag.
  * containerd upstream status.
    * reviews welcome:
      * https://github.com/moby/moby/pull/45347
      * https://github.com/moby/moby/pull/45346
  * Discussion around moving back Swarmkit into Moby - could make maintenance easier. More thought needed about impact, risks, and effort needed.
  * Multiplatform UX? We should move forward and build PoC's
  * Docker Engine release schedule?

## 2023-04-03

Present: Sebastiaan, Bruno, Djordje, Bjorn, Cory, Brian, Tianon, Albin

* Topics:
  * Security advisory release
  * 24 release is in good shape

## 2023-03-27

Present: Bruno, Albin, Cory, Sebastiaan, Tianon, Bjorn, Djordje, Brian

* Topics:
  * 23.02 release status. Packages pushed to staging - all green. If OK push to production and tag the release. Will follow with 24 release.
  * Define group of people for security related topics and use OOTB GitHub groups
  * containerd upstreaming PRs (push UI/UX, multiplatform images): https://github.com/moby/moby/issues/44582
  * CDI support

-----

## 2023-03-20

Present: Bruno, Bjorn, Brian, Sam, Albin, Pawel, Cory, Tianon

* Topics:
  * 23.02 release candidate (AppArmor, BuildKit 0.10) - waiting for release notes. Bjorn will make a first version, then we will review internally at Docker.
  * Albin joining the Runtime team at Docker to work on libnetwork
  * Discussion about legacy nightly binaries builds: https://github.com/moby/moby/issues/40378#issuecomment-655469446. How can we use it to detect issues when releasing Moby with Desktop. GHCR can be an option
  * Discussion around new streams of work in Moby and how to work as a group. Possibly move to async communication with GH discussions
  * Ongoing discussion about CDI support by Nvidia in the draft PRs. Comments welcome: https://github.com/moby/moby/pull/45134

## 2023-03-06

Present: Bruno, Bjorn, Djordje, Sebastiaan, Javier, Pawel, Tianon, Cory, Brian

* Topics:
  * Status of containerd upstream. We have a significant number of PRs ahead. Progress on containerd push implementation (#44963)
    * In general we are doing a good job. Approach: incremental approach as we can. For larger PRs try to ping people. Technical call to walkthrough.
    * https://github.com/moby/moby/issues/44582 specifically needs some eyes
    * Have draft PR to enable containerd CI to increase confidence to merge. Flip switch to change storage backend?
  * Next steps high-level roadmap?
    * Give extra one week or two - from Docker surface containerd integration, wasm, multiarch features. Libnetwork on Mirantis. Not clear enough vision atm.
    * What format should we use? We can start by updating the document, or wiki?
    * Use it for community engagement - help wanted? On-going projects, where contributions are needed. Dynamic living document which is closer to the code. Once/twice a year write a blog post.
  * About workflow on contribution docs: https://github.com/moby/moby/pull/45026
  * Plans to improve external communication? Re-enable the blog or Twitter account?
    * Identify materials that are useful to everyone. Syndicating corporate content to the Moby Project.
    * Also an opportunity to update the website?
https://github.com/moby/mobywebsite
    * Javier and Bruno offer to make an assessment of the current website and identify areas of improvement
  * Discussion about patch release. BuildKit did a patch release that
    * BuildKit 0.11.4 release with security implications:
      * https://github.com/moby/moby/pull/45109
      * https://github.com/moby/moby/pull/45110
    * Should we release or stick with the release schedule?
    * What process should we follow? Review first and third Thursday of the month. Use milestones to track what should go to the patch.
  * Add configuration settings to classic builder on Windows? https://github.com/moby/moby/issues/38387
    * We should hold and discuss with Buildkit maintainers?
    * Make daemon config? Change defaults? Do we want to make an API change for this? Make it for 24.0 release - what should it look like?
    * Better default makes more sense as a starting point (in major release).
  * Comment about making build work with containerd: https://github.com/moby/moby/pull/44079#issuecomment-1455970071
  * RLIMIT_NOFILE discussion/fixes
  * Swarm encrypted overlay networks re: xt_u32 and xt_bpf
  * Moby-wide SECURITY.md preliminary discussion

## 2023-02-27

Present: Bruno, Sebastiaan, Pawel, Laura, Cory, Tianon, Brian

* Topics:
  * Around blog content for Moby, we will publish in Docker Inc + Mirantis Blog. Bruno can liaise with Docker Marketing team if needed.
  * Attempt for 23.02 patch release and align Docker Desktop releases. The coming releases are scheduled for March 30th, April 27th, and May 25th.
  * When should we target a 23.1?
    * containerd upstream will still take some time - still behind feature flag
    * will bring BuildKit 0.11
  * Moving the Moby Sync Meeting 30 minutes later.

## 2023-02-13

Present: Bruno, Tianon, Cory, Drew, Sam, Bjorn, Justin Chadwell, Brian, Laura

* Topics:
  * Notary https://github.com/cncf/toc/issues/981 and Runtime support for content trust. Justin Chad. chime in about the build side and support for signing frameworks.
  * Storage driver deprecation: https://github.com/moby/moby/pull/43378#discussion_r826441614. Need docs improvements.
  * Folding Moby maintainers into SwarmKit? SwarmKit needs reviews, engagement. From the Moby project perspective how can we help the project? Moving code-base in-tree? What direction should SwarmKit take, converging or diverging from Moby, in the long-run?
  * Runtime hiring to improve libnetwork. Ask for plan and features. Brian's thoughts from a year ago: https://github.com/moby/moby/issues/39338

## 2023-02-06

Present: Pawel, Bruno, Sebastiaan, Bjorn, Cory, Djordje, Sam, Tianon, Brian

* Topics to discuss following Moby 23.0 release. Regressions:
  * Apparmor: not impacting the majority of users. Need to be fixed in 23.0.1
  * BuildKit inline cache: Need to be discussed with Tonis.
  * libnetwork ipvlan: there is an easy fix

## 2023-01-30

Present: Sebastiaan, Sam, Bruno, Pawel, Bjorn, Cory, Djordje, Tianon, Brian

* Moby 23.0 release:
  * packaging changes in CE to be tested. We can go forward, but we don't have static packages for buildx and compose https://github.com/docker/docker-ce-packaging/pull/835.
  * And issue with armv5 - should not be a blocker.
  * Release notes mostly done. Last comment added by Bjorn related to last change in the CLI. Bjorn following changes closely.
  * Last PR fixing `docker manifest`: https://github.com/docker/cli/pull/3990 (significantly broken with buildkit)
* Approach for patch releases:
  * Considering we will have different branches with different release cycles (Docker, Mirantis), Bjorn proposes scheduled coordination of patch releases. Changes review should be explicitly part of the agenda.
  * Brian share new idea: /streams

## 2023-01-23

Present: Cory, Brian, Sebastiaan, Djordje, Bruno, Sam, Drew, Bjorn, Tianon

* Topics for discussion
  * Moby 23.0 release - we will communicate about the release in Docker's blog and Moby twitter account
    * We are in pretty good shape for the release
    * There is preference for release sooner than later
    * Tweet the release in the Moby account
    * Docker Blog post when Moby get into Docker Desktop
    * Final bits in the changelog and armv5 build
  * CDI and Swarm Devices -- CLI & API
    * API needs to be strongly typed and client can gracefully degrade
    * Preference is extending the mount API to support devices
    * We can do this ahead of merging either feature and ask the contributors to extend what is already built
  * Release plans
    * Ad-hoc promotion of branches and keeping master always 'long-term branch ready' is preferred
    * Docker CE & Docker Desktop will likely follow the latest tagged version always
  * Proposing backlog table with a list of lower priority topics that we should keep track of and make sure they move forward

## 2023-01-09

Present: Bruno, Bjorn, Sebastiaan, Tianon, Djordje, Pawel, Cory, Drew, Brian

- Topics for discussion:
  - 23.0 release notes - [HackMD file](https://hackmd.io/HfLRQarfQK2h246BGJCdZA) available to collaborate. Spreadsheet compiling all issues and PRs for categorization and one-liner description. Make sure that new PRs are added to the [Moby Project](https://github.com/orgs/moby/projects/2/views/1) to be included later in the release notes.
  - Gorilla Mux status - no further action. We should monitor what others are doing.
  - [multiplatform UX](https://github.com/moby/moby/issues/44582) - no significant progress. Please review the PR above
  - update TSC information - Sam will submit a PR for discussion
  - update info github.com/docker/opensource - Same as above
  - high level roadmap - Bruno's proposal to complete the 23.0 release and then dedicate time to this.
Namely review [Roadmap.md](https://github.com/moby/moby/blob/master/ROADMAP.md)
  - security issues management process - Sebastiaan will review the list of owners and admins group before activating the built-in GH features
  - [time permitting] swarmkit sync
  - deprecation of btrfs for CentOS/RHEL 7:
    - https://github.com/docker/cli/pull/3957
    - https://github.com/docker/cli/pull/3956
    - https://github.com/docker/docker-ce-packaging/pull/811

## 2022-12-19

Present: Cory, Bruno, Sebastiaan, Tianon, Brian

- Discussion about reverting AF_VSOCK seccomp ([moby#44670](https://github.com/moby/moby/issues/44670)). Either revert or use your own profile. Are there more people depending on this?
  - Next major release will block AF_VSOCK
  - Related issue on containerd side ([containerd#7442](https://github.com/containerd/containerd/issues/7442))
- Raising that [Gorilla Mux](https://github.com/gorilla/mux) is now archived and we depend on it. We should consider a canonical fork and maintain as "feature-complete", accepting only critical security fixes. To be discussed.

## 2022-12-12

Present: Sam, Sebastiaan, Cory, Pawel, Tianon, Bjorn, Bruno

- reported runc CVE.
Related discussions:
  - https://github.com/opencontainers/runc/pull/3272
  - https://github.com/containerd/nerdctl/pull/511
  - https://github.com/moby/moby/issues/10714
- Potential topics for discussion:
  - 23.0 release
  - Multiarch UX
  - Moby high-level roadmap
  - Security issues management
  - TSC review proposal
- `runc` "security issue"/recursive read-only
  - General consensus is that this is an existing well-known issue
  - Needs a loud docs callout
  - Changing the behavior of the existing `ro` flag is going to break unknown users
  - Failing with a coherent message when the feature is requested by the user and is unavailable is preferable to changing defaults based on kernel version
  - Should be easy to get in, but dubious on the value of forcing it into 23.0.0
- selinux issue ([cli#3914](https://github.com/docker/cli/issues/3914))
  - Sebastiaan needs more eyes as he is not a selinux expert
- cannot set time issue/time namespaces ([moby#44609](https://github.com/moby/moby/issues/44609))
  - Needs OCI spec changes?
  - related:
    - https://github.com/opencontainers/runtime-spec/pull/1151
    - https://github.com/opencontainers/runc/issues/2345
- late backport of type changes ([moby#44517](https://github.com/moby/moby/pull/44517))
  - Decline for now, focus on release
- containerd image inspect PR ([moby#44622](https://github.com/moby/moby/pull/44622))
  - Already reviewed by non-maintainer contributors
- containerd BuildKit integration ([moby#44079](https://github.com/moby/moby/pull/44079))
- release cycles (23.0.0 LTS)?
  - should 23.x be stable?
    - advantages:
      - long gap between releases
      - more graceful transition to new more aggressive release policy
      - Mirantis and other consumers desire a stable version sooner than later
    - disadvantages:
      - issues with 23.0 are unknown
      - designating a 'patch' branch could provide greater stability guarantees
      - buildkit 0.11.x is not yet integrated and we would like to avoid supporting 0.10.x
      - uncertainty over how quickly the next release will come
  - discussion around formal expectations for users/maintainers:
    - it is not desired to make every maintainer pay the price of keeping a branch around
    - sponsoring maintainer maintaining a branch instead of project-wide lts?
    - add some hints as to how long a branch is expected to be maintained for
    - instead of a 'blessed' LTS, instead focus on gradual introduction by first doing this semi ad-hoc, and use lessons learned to create a more formal process/set of expectations if desired

## 2022-12-05

Present: Bruno, Bjorn, Sebastiaan, Sam, Pawel, Tianon

- 23.0 status:
  - Sebastiaan needs help with Buildkit changes
  - Current blocker is Docker internal CI
  - Docker-CE betas this week? Should be able to tag (beta) this week as well.
- Secrets:
  - Interest in fleshing them out in the Daemon/BuildKit
  - UI/UX is hard; will need to be pluggable as a start.
  - Node-level secrets, always-mounted secrets, etc are also necessary.
  - This is needed to enable one of the main drivers, Linux distro entitlement inclusion.
  - Build-time availability and semantics also need to be factored in.
  - BuildKit may complicate this.
  - CDI and NRI could also be worth exploring; Podman already implements these.
  - Bjorn is interested in exploring this with Mirantis peers, will try and find consensus on priority and a preliminary design.
- Multiarch UX (containerd):
  - Is a multi-arch image a single unit? Or are the multiple architectures exposed to the user?
  - Currently:
    - I have a `linux/amd64` `ubuntu:latest` image.
    - `docker run --platform linux/arm64 ubuntu:latest` causes an automatic pull, and clobbers the `linux/amd64` image.
  - Should `docker pull` update all platforms, or just the `--platform`/current platform? If I pull a platform that does not already exist, should all platforms be pulled, or just the specified one?
    - Bjorn: so currently `docker pull --platform <alt> tag` will remove my native platform tag, as there can be only one tag/tags are not per arch?
      - Correct.
  - Brian: no reason to have untagged images period?
    - `docker build` is untagged by default; many use cases depend on untagged images.
  - Should `docker pull` pull all architectures that are local?
    - Explicit specification of platforms seems desirable.
    - Only pulling a single platform rules out some use-cases.
    - Sebastiaan: If I have three architectures locally, and I `docker pull`, I expect all architectures to be updated.
    - Tianon: What if an architecture is missing?
      - Warning seems least surprising/straightforward.
    - Other use cases should be explored. e.g "fill in" architectures.
    - Bjorn: What does `skopeo` do?
      - Moves everything; likely not desirable for Moby.
      - `--platform all` or similar is worth considering, however.
    - Pull what is needed should be the default.
  - `nerdctl` has a platform column with a one-image-per-platform display.
    - Docker Desktop was doing something similar.
  - Brian: Should we consider architectures to be individual images?
    - Bjorn: Objection to misleading user on what a tag vs image is; some commands poorly abstract this and confuse the user (and maintainer) by mixing metaphors.
    - Consider removing the REPOSITORY column from `docker image` and instead expose plain tags.
    - Could open up some options for maintaining 'tag history' locally.
      - Something like `git reflog` locally?
  - Brian: Should `docker pull` fill in missing architectures locally when new architectures are required, or pull the tag and then the requested architectures?
    - A `--no-move-tags` or similar could be added to use the local manifest at a particular tag.
    - Needs thought about what is most expected.
  - Brian: What about detaching references from remotes?
    - e.g. pull a remote image and track it under a different name locally
    - Similar to Git tracking branches; you may want to track a remote tag locally under a different name, or just pull a remote tag to a local tag with no special relationship.
    - Related: [#38880](https://github.com/moby/moby/issues/38880), push a local name to a different remote name.
  - rm needs a `--platform` flag, as does inspect.
  - How should prune react to multi-arch images?
    - Prune unused architectures to `-a`?
    - This is complicated by the local vs remote tags split.
  - Brian: Flat UX for `docker image ls`:
    - Three columns, REPOSITORY, TAG, PLATFORM.
    - How would the manifest index be exposed? (Docker Hub does not currently expose it)
    - What happens during removal?
      - Remove all images? Remove only the host?
    - `nerdctl images` output seems to be an ideal simple view.
    - Sebastiaan objects to exposing this to the user as it breaks the 'multi-arch image' abstraction.
    - Bjorn/Brian are likely in favor of exposing platform as people are more sensitive to CPU architecture than they were 5 years ago -- the black box is not helpful to even unsophisticated users.
    - Tianon: Exposing users to the registry structure with manifests and individual users is helpful as hiding the details of the registry confuses users.
    - Needs more thinking; what to present to the user is tricky.

## 2022-11-28

Present: Bruno, Pawel, Sebastiaan, Bjorn, Cory

## Meeting notes

- Update on TSC status
- High-level roadmap for Moby
  - long running meta issues/discussions to create visibility for people who are following the project.
(increase transparency on what we are doing and planning)
  - new project with summary, labels
  - more active communication of what is going on the maintenance side to passively improve contributions
  - labels, help wanted, good first issue. Bring attention.
  - Improve onboarding
  - Review: Top-level/long-term roadmap, canned responses
- Update on moving the mechanism to report Moby security issues to GitHub.
  - We should give it a try. Bjorn discussed with the PM at GH and they have a less granular solution to handle communication (Security Manager role). Probably OK to have a single Security Managers group for the whole project.
  - Sebastiaan will set up for the Moby project

## 2022-11-21

Present: Akihiro, Djordje, Sebastiaan, Bjorn, Cory, Pawel, Brian, Bruno

## Meeting notes

- Discussion around how can we improve the upstream roadmap for better visibility: plan lifecycles, LTS branches (GH Projects/Kanban)
- Agreed to testing/ GitHub Security reporting features and move out from security@docker.com
- Technical discussion about versioning and restructuring the daemon

## 2022-11-14

Present: Sebastiaan, Bruno, Tianon, Brian, Sam

## Meeting notes

- Because of a clash with another meeting at Docker we will reschedule this meeting, trying to maximize maintainers attendance.
- Discussions ongoing to retire Moby's TSC and delegate the role to the maintainers. The same happened with the containerd project: https://github.com/containerd/project/pull/16. Sam will follow-up.
- Attempt for a Moby release 23.0 beta this week. Opportunity to revive Moby's Twitter account.
- Attempt for a 24.0 release during Q1 next year to include the latest containerd developments