HackMD
    • Create new note
    • Create a note from template
      • Sharing URL Link copied
      • /edit
      • View mode
        • Edit mode
        • View mode
        • Book mode
        • Slide mode
        Edit mode View mode Book mode Slide mode
      • Customize slides
      • Note Permission
      • Read
        • Only me
        • Signed-in users
        • Everyone
        Only me Signed-in users Everyone
      • Write
        • Only me
        • Signed-in users
        • Everyone
        Only me Signed-in users Everyone
      • Engagement control Commenting, Suggest edit
      • Invitee
      • No invitee
    • Publish Note

      Publish Note

      Everyone on the web can find and read all notes of this public team.
      Once published, notes can be searched and viewed by anyone online.
      See published notes
      Please check the box to agree to the Community Guidelines.
    • Commenting
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
      • Everyone
    • Suggest edit
      Permission
      Disabled Forbidden Owners Signed-in users Everyone
    • Enable
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
    • Options
    • Versions and GitHub Sync
    • Transfer ownership
    • Delete this note
    • Note settings
    • Engagement control
    • Template
    • Save as template
    • Insert from template
    • Export
    • Dropbox
    • Export to Google Drive
    • Gist
    • Import
    • Dropbox
    • Import from Google Drive
    • Gist
    • Clipboard
    • Download
    • Markdown
    • HTML
    • Raw HTML
Menu Note settings Sharing URL Create Help
Create Create new note Create a note from template
Menu
Options
Versions and GitHub Sync Transfer ownership Delete this note Engagement control
Export
Dropbox Export to Google Drive Gist
Import
Dropbox Import from Google Drive Gist Clipboard
Download
Markdown HTML Raw HTML
Back
Sharing URL Link copied
/edit
View mode
  • Edit mode
  • View mode
  • Book mode
  • Slide mode
Edit mode View mode Book mode Slide mode
Customize slides
Note Permission
Read
Only me
  • Only me
  • Signed-in users
  • Everyone
Only me Signed-in users Everyone
Write
Only me
  • Only me
  • Signed-in users
  • Everyone
Only me Signed-in users Everyone
Engagement control Commenting, Suggest edit
Invitee
No invitee
Publish Note

Publish Note

Everyone on the web can find and read all notes of this public team.
Once published, notes can be searched and viewed by anyone online.
See published notes
Please check the box to agree to the Community Guidelines.
Engagement control
Commenting
Permission
Disabled Forbidden Owners Signed-in users Everyone
Enable
Permission
  • Forbidden
  • Owners
  • Signed-in users
  • Everyone
Suggest edit
Permission
Disabled Forbidden Owners Signed-in users Everyone
Enable
Permission
  • Forbidden
  • Owners
  • Signed-in users
   owned this note    owned this note      
Published Linked with GitHub
5
Subscribed
  • Any changes
    Be notified of any changes
  • Mention me
    Be notified of mention me
  • Unsubscribe
Subscribe
# OCI Weekly Discussion ###### tags: `oci` `discussion` Time: 1700 GMT (1300 EST; 1000 PST; 1900 CET; 0300 AEST; 0100 CST) - [OCI Calendar](https://calendar.google.com/calendar/b/2/r?cid=bGludXhmb3VuZGF0aW9uLm9yZ19pMHNhZG8waTM3ZWtuYXI1MXZzdThtZDVoZ0Bncm91cC5jYWxlbmRhci5nb29nbGUuY29t) - [Conference URL](https://zoom.us/j/6449415895?pwd=S2tJVGVra0dYdlZCRjJwdXdPdGRQQT09) with embedded passcode - One tap mobile [+16465588656,,6449415895#](+16465588656,,6449415895#) US (New York) [+16699006833,,6449415895#](+16699006833,,6449415895#) US (San Jose) Passcode: 77777 *(5 7's)* Dial by your location +1 646 558 8656 US (New York) +1 669 900 6833 US (San Jose) 877 369 0926 US Toll-free 855 880 1246 US Toll-free Meeting ID: 644 941 5895 Find your local number: https://zoom.us/u/aLDk4OXTu Working groups: - Auth: <https://hackmd.io/YyhWh7X_RuCod0i0mGxVLg> - Image Compatibility: <https://hackmd.io/060HKC3DTV-NzzewNQbHCg> - FreeBSD: <https://hackmd.io/hq_NOVL4RZS7xYYMqfJ6-A> *template at the bottom* ## April 17, 2025 **Recording**: https://youtu.be/Vp8sfMPuqcA ### Attendees: - Brandon Mitchell - Jory Burson - Ramkumar Chinchani - Sajay Antony - Jeff Carter - Samuel Karp - Syed Ahmed ### Actionable Agenda Items: None ### Presentation/Discussion Agenda Items: - Support for other layer media types: <https://github.com/opencontainers/image-spec/pull/1191> - Rework the PR to focus on whether OCI should support new media types (`manifest.md`) - Discussion from there can look at how much this improves performance - More discussion on parallel blob uploads - Recommendation to open an issue in GitHub to consolidate the discussion - License annotation usage: <https://github.com/opencontainers/image-spec/issues/1257> - Reference spec working group: <https://github.com/opencontainers/tob/pull/114> ### Notes: Notes from the zoom chat: 00:05:53 Brandon Mitchell: https://groups.google.com/a/opencontainers.org/g/tob 00:16:52 Sajay Antony: Hey @Syed, Given the discussion of concurrent upload, there is some interest in folks i talked to in Azure as well. 00:24:09 Samuel Karp: yep, count me in 00:26:21 Syed Ahmed: So far I see LLMs, VM images, libs 00:27:14 Sajay Antony: Yep VM images are also in the mix here. 00:30:29 Syed Ahmed: Yes, agree with the compatibility aspect 00:31:18 Ramkumar Chinchani: overlap with CDN ideas 00:32:14 Syed Ahmed: I’ll create a channel in the dist slack for this ## April 10, 2025 **Recording**: https://youtu.be/SEih1RI7sFA ### Attendees: - Tianon - Syed Ahmed - Jory Burson - Brian Goff - Brandon Mitchell - Sajay Antony - Derek McGowan - Mike Brown - Michael Brown - Samuel Karp ### Actionable Agenda Items: - Container Plumbing Days CFP is open, promotions encouraged: <https://groups.google.com/a/opencontainers.org/g/dev/c/lWLddPSeyRU/m/w1KTQ-hLBAAJ> - _add your items_ ### Presentation/Discussion Agenda Items: - Fixing image-spec badge - Previous PR was closed: <https://github.com/opencontainers/image-spec/pull/1251> - Reference spec working group: <https://github.com/opencontainers/tob/pull/114> - Mailing list spam - <https://groups.google.com/a/opencontainers.org/g/dev> - <https://groups.google.com/a/opencontainers.org/g/tob> - parallel blob upload/download - Out of order push: <https://github.com/opencontainers/distribution-spec/issues/546> - Blake3: <https://github.com/opencontainers/image-spec/pull/1240> - erofs/squashfs: <https://github.com/opencontainers/image-spec/pull/1191> - dm-verity: <https://docs.kernel.org/admin-guide/device-mapper/verity.html> - ability to shard a blob into multiple chunks with multiple digests and a map of digests - Derek: spec should follow an implementation - Brandon: consider making the chunks into blobs/layers to avoid redesigning registries - Deferred: Support for other layer media types: <https://github.com/opencontainers/image-spec/pull/1191> ### Notes: Notes from the zoom chat: 00:18:54 Mike Brown: new KEP that may be semi related https://github.com/kubernetes/enhancements/pull/5097 00:19:41 Derek McGowan: I thought LF moved everything over to that other system 00:20:35 Mike Brown: kep ^ excerpt: “The proposal aims to address the challenge of verifying which registry an image is being pulled from when deploying applications in Kubernetes having multiple image mirrors configured. Currently, users have to manually check the runtime logs to determine which registry was being used, but this approach can be time-consuming and error-prone. The proposed solution seeks to provide transparency by adding a new field in the container status as well as in the image inspect section which provides the details of the registry from where the image is pulled. This would help users to better manage their applications' dependencies, troubleshoot issues related to image availability, and ensure compliance with organization security policies.” 00:20:43 Brian Goff (@cpuguy83): ❤️ the internet 00:38:31 Sajay Antony: @Syed Ahmed can we also call out why we need an API/spec here and why not go down something like QUIC 00:39:26 Tianon (he/him): +1 to Derek ❤️; at the very least, it would help to have a proof of concept that clearly shows the problem, the solution, and how much better, faster, stronger, etc the solution is (and concretely how hard it might be to change other clients/servers to support it) 00:42:06 Sajay Antony: Replying to "@Syed Ahmed can we a..." ok maybe this was a stupid question since multi stream for a single patch isn't in scope. 00:57:05 Tianon (he/him): "For uploads, your updated AWS client automatically calculates a checksum of the object and sends it to Amazon S3 along with the size of the object as a part of the request." 00:57:11 Tianon (he/him): Replying to ""For uploads, your u..." https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html 00:58:42 Brandon Mitchell: "Amazon S3 automatically uses the CRC-64/NVME checksum algorithm." ## April 3, 2025 Canceled for KubeCon EU ## April 1, 2025 (KubeCon EU) **Recording**: https://youtu.be/FGjZvVR_N38 10am - 11am BST [convert to your timezone](https://dateful.com/time-zone-converter?t=10am&d=2025-04-01&tz2=British-Summer-Time-BST) Level 1, ICC Prince Regent Room 1 ### Attendees: - Mike Brown - Samuel Karp - Antoni Oeja - Alexander Kanevskiy - Arnaud Meukam - Toru Komatsu - Phil Estes - Giuseppe Scrivano - Akihiro Suda ### Actionable Agenda Items: None ### Presentation/Discussion Agenda Items: - (@aojea) [Linux Network Devices runtime-spec](https://github.com/opencontainers/runtime-spec/pull/1271) - Latest version with a more thoroughly explanation of all edge cases and internal details of the proposal - [runc implementation](https://github.com/opencontainers/runc/pull/4538) with end to end test cases covering the main user stories - [slides](https://docs.google.com/presentation/d/1Vdr7BhbYXeWjwmLjGmqnUkvJr_eOUdU0x-JxfXWxUT8/edit?slide=id.g2f0d2381f13_0_852#slide=id.g2f0d2381f13_0_852) - Next steps: introduce container edits in CDI spec and in NRI protocol - (@kad) Old PRs about RDT: - [Schemata in spec](https://github.com/opencontainers/runtime-spec/pull/1230) - [Docs clarification](https://github.com/opencontainers/runtime-spec/pull/1196) - (@kad) [Linux Memory Policy](https://github.com/opencontainers/runtime-spec/pull/1282) ### Notes: Notes from the zoom chat: 00:26:29 Arnaud Meukam: https://docs.google.com/presentation/d/1Vdr7BhbYXeWjwmLjGmqnUkvJr_eOUdU0x-JxfXWxUT8/edit#slide=id.g2f0d2381f13_0_852 00:30:48 Phil Estes: https://github.com/opencontainers/runtime-spec/pull/1271 ## March 27, 2025 **Recording**: https://youtu.be/AKbZPkAzwLU ### Attendees: - Jory Burson - Tianon - Brandon Mitchell - Samuel Karp - Sajay Antony - Brian Goff - Syed Ahmed - Jeff Carter ### Actionable Agenda Items: - Ready for review: - Fixing image-spec badge: <https://github.com/opencontainers/image-spec/pull/1251> - Container Plumbing Days CFP is open, promotions encouraged: <https://groups.google.com/a/opencontainers.org/g/dev/c/lWLddPSeyRU/m/w1KTQ-hLBAAJ> - KubeCon EU in-person meeting Tuesday, April 1, 10am-11am BST @ Level 1, ICC Prince Regent Room 1 ### Presentation/Discussion Agenda Items: - Should we include non-OCI media types in the spec: <https://github.com/opencontainers/image-spec/pull/1191> ### Notes: Notes from the zoom chat: 00:10:54 Sajay Antony: Sorry folks been out of the country for the last 2 weeks so just catching up. 00:12:43 Jory Burson (LF): KubeCon EU meeting has been added to the cal for April 1 00:12:49 Tianon (he/him): mounting untrusted filesystems directly into the kernel 🥳 <homer-hides-in-the-hedge.gif> 00:18:50 Sajay Antony: Thanks all. ## March 20, 2025 **Recording**: https://youtu.be/XojSHq6L0mI ### Attendees: - Jory Burson - Tianon - Brandon Mitchell - Ramkumar Chinchani - Brian Goff - Syed Ahmed ### Actionable Agenda Items: - Ready for review: - Fixing image-spec badge: <https://github.com/opencontainers/image-spec/pull/1251> - Container Plumbing Days Update - Help promote CFP! - Boost on LinkedIn / Twitter ### Presentation/Discussion Agenda Items: - image-spec bumping dependencies: <https://github.com/opencontainers/image-spec/pull/1253> - Concerns on bumping the Go version for this considering how much it has been imported. - distribution-spec conformance dependencies: <https://github.com/opencontainers/distribution-spec/pull/571> - Since this is only in conformance, we can likely bump the Go version to get this to build. ### Notes: Notes from the zoom chat: 00:12:43 Brian Goff (@cpuguy83): Oh I came at just the right time. 00:14:03 Brian Goff (@cpuguy83): I have a rant about this every go release. 00:14:11 Tianon (he/him): the longer I use Go, the more heavily https://fasterthanli.me/articles/i-want-off-mr-golangs-wild-ride resonates with me 00:14:25 Ramkumar Chinchani: if we disagree with their approach, we should write our own language&compiler 00:16:23 Jory Burson (LF): Preach. Tianon! ## March 13, 2025 **Recording**: https://youtu.be/bOq246XSSq8 ### Attendees: - Brandon Mitchell - Tianon - Miloslav Trmac - Brian Goff - Derek McGowan - Jon Johnson - Jory Burson - Samuel Karp - Jeff Carter - _add yourself_ ### Actionable Agenda Items: - Ready for review: - Canonical JSON: <https://github.com/opencontainers/image-spec/pull/1249> - Merged - Fixing image-spec badge: <https://github.com/opencontainers/image-spec/pull/1251> ### Presentation/Discussion Agenda Items: - Annotation for an "instance" in a source repo: <https://github.com/opencontainers/image-spec/issues/1046> - Disagreement on whether this should be part of the source url, a path, a unique instance per image built, or a 3rd party annotation. - Async delete: <https://github.com/opencontainers/distribution-spec/issues/570> - Agreement that 202 means async and implementations may not immediately delete the manifest, PR needed, no volunteers. - Jon would like a structured error message when a manifest delete is blocked for data integrity, listing the other digests referencing the content being deleted - Jory has details for Container Plumbing Days CFP up <https://events.linuxfoundation.org/container-plumbing-days/program/cfp/> - In-person meeting at KubeCon EU, 10 AM Tuesday April 1 ### Notes: Notes from the zoom chat: 00:29:55 Tianon (he/him): "As implied by the 202 status code, deletion may happen asynchronously." 00:30:25 Tianon (he/him): Replying to ""As implied by the 2..." sorry, MAY 00:35:23 Jory Burson (LF): Tuesday, 1 April, from 10:00-12:00 00:36:37 Jeff Carter: there is a "I'm a teapot" code, maybe there should be a "i'm a wizard" code 00:36:41 Brian Goff (@cpuguy83): Because http/2 requires wizardry. 00:40:53 Jeff Carter: how is the json formatted? 00:42:23 Samuel Karp: need to drop, thanks 00:42:41 Tianon (he/him): Replying to "how is the json form..." in the canonical way (as opposed to canonical json) 00:54:22 Tianon (he/him): I'll blow away those 10 thousand manifests to the tune of the famous disturbed song too ## March 6, 2025 **Recording**: https://youtu.be/pVBydQhEP2E ### Attendees: - Brandon Mitchell - Tianon - Harry Randazzo - Ramkumar Chinchani - Brian Goff - Philip Laine - Samuel Karp ### Actionable Agenda Items: none ### Presentation/Discussion Agenda Items: - Canonical JSON in image-spec: <https://github.com/opencontainers/image-spec/pull/1249> - No objections and no other maintainers around to review this week - In-person meeting at KubeCon EU? - Follow up with <operations@opencontainers.org> ### Notes: From the zoom chat: 00:03:05 Tianon (he/him): Harry starting right into a landmine 😀 00:03:49 Tianon (he/him): https://github.com/opencontainers/image-spec/blob/v1.1.1/annotations.md#pre-defined-annotation-keys:~:text=org.opencontainers.image.ref.name 00:08:26 Ramkumar Chinchani: This SHOULD be a fully qualified reference name, without any assumed default registry. (e.g., registry.example.com/my-org/my-image:tag instead of my-org/my-image:tag). only for base.name? 00:10:49 Tianon (he/him): @Brian Goff (@cpuguy83) gonna pipe up for his Microsoft friends that he wants UTF-16 instead 😂 00:11:08 Tianon (he/him): Replying to "@Brian Goff (@cpuguy..." the untold horrors of the Windows ecosystem 00:11:32 Brian Goff (@cpuguy83): And we're not there 🙂 00:12:18 Harry Randazzo: Gotta drop early, I'll come next week with more landmines 😅 00:13:50 Brian Goff (@cpuguy83): Replying to "@Brian Goff (@cpuguy..." 16 is better than 8 right? 00:14:21 Brian Goff (@cpuguy83): Quick someone say something controversial ## February 27, 2025 **Recording**: https://youtu.be/NWn9I09lx2k ### Attendees: - Tianon - Brandon Mitchell - Brian Goff - Jeff Carter - Syed Ahmed - Sajay Antony - Harry Randazzo - W. Trevor King - Ramkumar Chinchani ### Actionable Agenda Items: - Vote: - image-spec v1.1.1: <https://github.com/opencontainers/image-spec/pull/1247> - runtime-spec v1.2.1: <https://github.com/opencontainers/runtime-spec/pull/1278> - Review needed: - Registering blake3 algorithm: <https://github.com/opencontainers/image-spec/pull/1240> ### Presentation/Discussion Agenda Items: - Including uncompressed layer size in descriptors: <https://github.com/opencontainers/image-spec/issues/1246> - Many agree transport level compression is an ideal state. - Some concern on supporting range requests. - OCI Layout may need to be updated to support compression extensions on blob files to effectively have transport level compression on blobs in a Layout. - Blob HEAD vs GET: <https://github.com/opencontainers/distribution-spec/issues/569> - No objection, this bug violated both HTTP and distribution specs ### Notes: Notes from the zoom chat: 00:05:34 Brian Goff (@cpuguy83): Kelvin or bust. 00:09:48 Tianon (he/him): https://github.com/docker-library/official-images/issues/17720#issuecomment-2450200677 00:13:40 Brian Goff (@cpuguy83): Much easier to add the field... that said transport layer compression is ideal. 00:15:11 Brian Goff (@cpuguy83): Oh no, Sajay is gone. 00:15:18 Brian Goff (@cpuguy83): Oh nevermind, 00:15:25 Brian Goff (@cpuguy83): UI disappeared. 00:15:34 Sajay Antony: I'm just staying silent on this one @Brian. 00:16:22 Brian Goff (@cpuguy83): Good news, Go is going to add content negotiation to the stdlib. 00:17:00 Tianon (he/him): Replying to "Good news, Go is goi..." https://github.com/golang/go/issues/19307 for folks unfamiliar with that discussion 00:18:10 Sajay Antony: Server side CPU and compression offloading will really have to evaluated is my guess. 00:18:47 Ramkumar Chinchani: i am also hearing transcoding? 00:19:28 Brandon Mitchell: https://github.com/opencontainers/image-spec/blob/main/image-layout.md 00:19:38 Sajay Antony: Image downloading 5-10GB models onto 100s of VMs. 00:19:54 Sajay Antony: "Imagine" 00:27:01 Tianon (he/him): KILL DIFFID 00:27:07 Jeff Carter: We’ve started to see 150 gb models recently 00:29:42 Brian Goff (@cpuguy83): Not compressing layers fixes a lot of issues at the runtime side. 00:30:39 W. Trevor King: I have to drop for another meeting; fun times :) 00:36:39 Tianon (he/him): Replying to "Not compressing laye..." yeah, for sure -- compression is what makes mounting tarballs hairy (making a map of the files in the tar is trivial otherwise) 00:38:04 Ramkumar Chinchani: main concern is ... is there enough information at all places (servers and clients) where gzip(gunzip(gzip(blob)) = gzip(blob) etc 00:38:21 Sajay Antony: Hoops we have to jump through @Brian - containerd/accelerated-container-image: A production-ready remote container image format (overlaybd) and snapshotter based on block-device. 00:41:30 Brandon Mitchell: Hat tip to Ram for directly asking the question I was too polite to ask. :D 00:49:08 Brian Goff (@cpuguy83): Definitely my assumption as well. 00:53:07 Brian Goff (@cpuguy83): I guess in this case the registry would only really be able to store this using the lowest common denominator compression... assuming it wouldn't want to store the same compressed data in 2 (or more) different formats. 00:53:37 Brian Goff (@cpuguy83): Which makes zstd a no-go here. 00:56:20 Brian Goff (@cpuguy83): Oh that's a great point, @Tianon (he/him) 00:57:03 Ramkumar Chinchani: network is cheap/free is a myth - i keep getting ratelimited everywhere there are other cheap/free myths about CPU and memory ## February 20, 2025 **Recording**: https://youtu.be/wlIuxqH818k ### Attendees: - Jory Burson - Tianon - W Trevor King - Sajay Antony - Brandon Mitchell - Josh Dolitsky - Brian Goff - Harry Randazzo - Ramkumar Chanchani - Samuel Karp - Mike Brown ### Actionable Agenda Items: - Review needed: - Referrers tag schema: <https://github.com/opencontainers/distribution-spec/pull/563> - Registering blake3 algorithm: <https://github.com/opencontainers/image-spec/pull/1240> ### Presentation/Discussion Agenda Items: - (Josh) Add optional tagType query param to tags list endpoint - https://github.com/opencontainers/distribution-spec/pull/568 - Regex another possibility, but feels messy - Reformating distribution-spec: <https://github.com/opencontainers/distribution-spec/issues/566> - Refactoring conformance tests: <https://github.com/opencontainers/distribution-spec/pull/543#issuecomment-2666202571> ### Notes: Notes from the zoom chat: 00:03:04 Sajay Antony: Good to see you Josh. 00:06:49 Brian Goff (@cpuguy83): <shudderas as I look at my Teams window> 00:07:30 Brandon Mitchell: The browser app is the only way I share a screen in zoom now. 00:19:28 Tianon (he/him): https://oci.dag.dev/?repo=tomcat 😅 (more advanced filtering would be awesome IMO, but I don't have high confidence that it's realistic to expect registries to implement it) 00:19:49 Sajay Antony: There are older issues for improved tag listing 00:19:49 Sajay Antony: - [RFP] replace catalog API functionality · Issue #22 · opencontainers/distribution-spec 00:19:49 Sajay Antony: Lexial discussion - Proposal: Allow listing tags in reverse lexical order · Issue #545 · opencontainers/distribution-spec 00:19:49 Sajay Antony: There have been a lot of request for better tag listing/searching 00:22:26 Tianon (he/him): image index 👀 00:23:34 Sajay Antony: John had pointed to GCR manifest/list endpoint in one of those issues and also - docs: initial commit for search extension by rchincha · Pull Request #504 · opencontainers/distribution-spec 00:25:47 Tianon (he/him): see https://oci.dag.dev/?repo=gcr.io/go-containerregistry/crane for the data GCR provides in practice 00:26:06 Tianon (he/him): Replying to "see https://oci.dag...." "timeCreatedMs": "-6795364578871", this is adorable though 00:29:36 Tianon (he/him): https://github.com/opencontainers/distribution-spec/issues/443 + https://github.com/opencontainers/distribution-spec/issues/446 00:31:21 Ramkumar Chinchani: https://github.com/opencontainers/wg-auth 00:33:56 Ramkumar Chinchani: Replying to "https://github.com/o..." auth not in the spec is messed up 00:35:37 W. Trevor King: I think it's worth trying to find things that can improve the conformance tests in a bunch of tiny pivots, instead of trying to address all the sticky points in one big pivot. Yes, there will be lots of bits that stay sticky until eventually all the issues get polished out, but you aren't hamstrung in the meantime 00:36:53 Sajay Antony: @Ramkumar Chinchani does zot support 512 manifests? 00:39:32 Ramkumar Chinchani: Replying to "@Ramkumar Chinchani ..." Yes it does. We moved away from hardcoded digest algos a while ago. 00:41:04 Ramkumar Chinchani: Replying to "@Ramkumar Chinchani ..." But as always, trust but verify. 00:41:33 Sajay Antony: NTD for another call folks. Hard to skip that one. 00:43:53 W. Trevor King: I'm also not Quay, but was poking around re: referrer API pessimisim and found https://www.redhat.com/en/blog/announcing-open-container-initiativereferrers-api-quayio-step-towards-enhanced-security-and-compliance from December 00:44:07 Samuel Karp: Which redirect? 00:45:33 Samuel Karp: https://opencontainers.org/about/governance ## February 13, 2025 **Recording**: https://youtu.be/XukRCe16WEU ### Attendees: - Brandon Mitchell - Tianon - Kyle Crane - Abhishek Jha - Sajay Antony - Jory Burson - Ramkumar Chinchani - Michael Brown - Shama Kashyap ### Actionable Agenda Items: - Review needed: - Governance redirect: <https://github.com/opencontainers/opencontainers.org/pull/158> - TOB in readme: <https://github.com/opencontainers/tob/pull/146> - TOB on website: <https://github.com/opencontainers/opencontainers.org/pull/160> - Referrers tag schema: <https://github.com/opencontainers/distribution-spec/pull/563> ### Presentation/Discussion Agenda Items: - Opentofu is adding OCI artifact support: <https://github.com/opentofu/opentofu/pull/2163> - Registering blake3 in image-spec: <https://github.com/opencontainers/image-spec/pull/1240> - Header / identifier for OCI scanners: <https://github.com/opencontainers/distribution-spec/issues/564> - Reformating distribution-spec: <https://github.com/opencontainers/distribution-spec/issues/566> ### Notes: Notes from the zoom chat: 00:08:51 Brandon Mitchell: https://github.com/C2SP/C2SP/blob/main/BLAKE3.md 00:09:40 Jory Burson (LF): Merging https://github.com/opencontainers/tob/pull/146 00:24:40 Tianon (he/him): "Go-http-client" shaking my fist at Go 00:28:16 Sajay Antony: I like the idea of an intent honestly. 00:29:15 Jory Burson (LF): Brb - need to take a quick call 00:32:21 Tianon (he/him): retention policies and a truly content-addressable store are concepts that are somewhat at odds, and that is part of why this is a hard conversation we keep having 😄 00:32:53 Sajay Antony: @Michael @shama - do you folks see scanners being able to produce this header. 00:32:57 Tianon (he/him): Replying to "retention policies a..." ie, can't have meaningful content-addressable storage if the content you're trying to address goes away 😅 00:37:03 Sajay Antony: That compounded usecase is what I am concerned about. 00:41:52 Kyle Crane: I am new to the community. 00:42:03 Sajay Antony: Good discussion and seems like I got involved in his and missed an overlapping meeting. NTD folks. 00:42:20 Sajay Antony: *this -> scanner 00:42:30 Tianon (he/him): Replying to "I am new to the comm..." at the risk of being a little bit weird, I really love your name and hope you're familiar with https://github.com/google/go-containerregistry/tree/main/cmd/crane 😄❤️ 00:45:44 Kyle Crane: Replying to "I am new to the comm..." Full disclosure, I am working on https://www.signal.fyi/ . Here to make sure I am building in alignment with community best practice. This is the normal name reference I get: https://dyinglight.fandom.com/wiki/Kyle_Crane 00:53:33 Jory Burson (LF): I came back! 00:56:00 Jory Burson (LF): DAG-nabbit! ## February 6, 2025 **Recording**: https://youtu.be/tEyIaHmtVlI ### Attendees: - Mike Brown - Tianon - Sajay Antony - Brandon Mitchell - Jory Burson - Ramkumar Chinchani - Mrunal Patel - Michael Brown - W. Trevor King ### Actionable Agenda Items: - TOB Chair nomination window closing tomorrow: <https://github.com/opencontainers/tob/issues/147> ### Presentation/Discussion Agenda Items: - Referrers tag schema with alternate hash algorithms: - <https://github.com/opencontainers/distribution-spec/pull/563> - Algorithms do not have a length limit and may contain separators, both of which can break a tag: <https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests> - Should we limit referrers tag schema to only registered algorithms? - Should blake3 be registered in image-spec before adding to go-digest? - <https://github.com/opencontainers/go-digest/pull/66> - Ecosystem - Docker adding support for mounting images as volumes: <https://github.com/moby/moby/pull/48798> - Podman adding support for OCI artifacts: <https://blog.podman.io/2025/01/podman-introduces-support-for-oci-artifacts/> ### Notes: Notes from the zoom chat: 00:10:44 Brandon Mitchell: https://github.com/opencontainers/distribution-spec/blob/7872490e9d4943b20f11e21475bc13fd2e02b7d8/spec.md#L164-L166 00:11:48 Ramkumar Chinchani: Maybe some alg-names are special keywords and become an exception 00:12:01 Sajay Antony: Do we know why are they using the tag schema? 00:12:43 Tianon (he/him): a fun example of different ways these length limits become load-bearing in sometimes unexpected ways: https://github.com/goharbor/harbor/issues/15067 00:14:13 Mike Brown: https://github.com/opencontainers/distribution-spec/pull/256 00:17:06 Jory Burson (LF): Imma get a Blake3 hat for this call 00:18:48 Tianon (he/him): Replying to "Imma get a Blake3 ha..." if you actually do so, you should reach out to Jon because he's definitely a hat guy and would probably love this 00:22:36 Brandon Mitchell: https://github.com/opencontainers/image-spec/blob/fbb4662eb53b80bd38f7597406cf1211317768f0/descriptor.md#L156-L162 00:25:57 Tianon (he/him): "finding holes in stuff [we] never even considered" is wking's historic OCI legacy 🙂 00:26:30 Sajay Antony: What client/registry is this facing a problem with? 00:28:02 Tianon (he/him): Replying to "What client/registry..." given Mrunal is back too, I'm guessing this is FIPS-related (where Uncle Sam has decided that SHA-512 is "post-quantum safe" even though it just moves the goalpost further out) 👀 00:36:21 Ramkumar Chinchani: Replying to "What client/registry..." isn't all crypto like that? 00:37:56 Tianon (he/him): Replying to "What client/registry..." sure, but if the goal is explicitly the combination of FIPS compliance and post-quantum, I think there might be other hashing algorithms we should consider as well/instead 00:38:14 Tianon (he/him): Replying to "What client/registry..." ie, if we have to break a lot of stuff to get SHA-512 working, let's do that work for something more interesting instead 00:41:50 Tianon (he/him): Replying to "What client/registry..." I talked to a few folks (who I unfortunately couldn't convince to join this call) about post-quantum hashing who have a lot more experience with it than I do (which doesn't take much but it's something), and their honest recommendation was that blake3 is probably worth considering over SHA-512, but with the important caveat that it's not FIPS-approved 00:43:56 Mrunal Patel: Replying to "What client/registry..." I think it would be best to make it configurable so both aspects are covered. 1. Being compliant with FIPS 2. Using the most secure / best crypto export recommended algorithm that FIPS hasn't caught up to yet. 00:45:37 Tianon (he/him): Replying to "What client/registry..." the "fractal of complexity" option, yep, I dig it 😁 (that's in-line with how the formats are designed for sure, and I imagine is part of why in-toto's "descriptor" analogue has digests be a list instead of a single value) 00:52:17 Tianon (he/him): https://github.com/CloudNativeAI/model-spec/blob/main/docs/spec.md fwiw, someone's been listening and these are tar-based 🙂 00:53:30 Brandon Mitchell: Replying to "https://github.com/C..." I chimed in on that one when they wanted to make it an Artifact without tars. 00:55:10 Tianon (he/him): https://github.com/moby/moby/pull/48798 merged yesterday 👀 ## January 30, 2025 **Recording**: <https://youtu.be/cu5qD5I0T7Q> ### Attendees: - Brandon Mitchell - Ramkumar Chinchani - Tianon - Jory Burson - Mrunal Patel - Mike Brown - Syed Ahmed - Samuel Karp ### Actionable Agenda Items: - Website update needs approval: <https://github.com/opencontainers/opencontainers.org/pull/157> - Jory has a notice going out for members, 30 days ends March 1 ### Presentation/Discussion Agenda Items: - distribution-spec v1.1.1 released: <https://github.com/opencontainers/distribution-spec/releases/tag/v1.1.1> - TOB election needs to be run for chair: - <https://github.com/opencontainers/tob/pull/146> - Chair election from last year: <https://github.com/opencontainers/tob/issues/143> - Chair election for 2025: <https://github.com/opencontainers/tob/issues/147> - New board members can send a bio to Brandon for the website - (Mrunal) sha 512 support in distribution spec for PQC - <https://github.com/opencontainers/distribution-spec/issues/494> - <https://github.com/opencontainers/distribution-spec/pull/543/files> - <https://github.com/kubernetes-sigs/node-feature-discovery/releases/tag/v0.17.0> ### Notes: Notes from zoom chat: 00:02:39 Brandon Mitchell: https://opencontainers.org/about/tob/ 00:13:39 Samuel Karp: I'm guessing I missed this; is there a short summary of the motivation for sha512 over sha256? 00:14:43 Ramkumar Chinchani: We have been discussing BLAKE3 for performance reasons https://crypto.stackexchange.com/questions/88585/post-quantum-security-of-the-blake-family 00:15:13 Samuel Karp: Yeah, performance reasons for BLAKE3 make sense, but both sha256 and sha512 are from the SHA-2 family. 00:16:11 Ramkumar Chinchani: In general, the theme is a future of mixed crypto is near, possibly very near 00:16:17 Syed Ahmed: It’s a suggestion from CNSA 00:16:56 Syed Ahmed: https://media.defense.gov/2022/Sep/07/2003071836/-1/-1/0/CSI_CNSA_2.0_FAQ_.PDF 00:17:42 Jory Burson (LF): (TOB election, in case someone wants to nominate cough Sam cough 00:17:47 Jory Burson (LF): https://github.com/opencontainers/tob/issues/147 00:18:06 Mike Brown: PAUL SCHWEIGERT paulschw@us.ibm.com ibm research working on quantum safe algs.. or at least would have the links 00:18:33 Mrunal Patel: Thanks Mike! 00:19:32 Tianon (he/him): Replying to "https://media.defens..." my reading of this is "if you're using SHA, make sure it's 384 or 512", not "you should use SHA-512", but maybe I've missed something 😅 00:20:52 Syed Ahmed: Replying to "https://media.defens..." No, that’s what I read as well. looks like we have the option of 384/512 00:29:12 Mike Brown: https://github.com/opencontainers/image-spec/blob/main/descriptor.md#digests 00:29:28 Mrunal Patel: Thanks! 00:30:19 Mike Brown: “Registered algorithms: While the algorithm component of the digest string allows the use of a variety of cryptographic algorithms, compliant implementations SHOULD use SHA-256.” 00:35:53 Ramkumar Chinchani: https://zotregistry.dev/ zot should also support this imo out of the box 00:36:07 Brandon Mitchell: https://github.com/olareg/olareg 00:36:22 Mrunal Patel: Thanks for the links! 00:36:26 Mike Brown: https://github.com/opencontainers/go-digest 00:36:48 Brandon Mitchell: https://github.com/regclient/regclient 00:36:57 Brandon Mitchell: "regctl image mod" 00:48:13 Jory Burson (LF): @Brandon Mitchell I’ve readied the member notice for the release, any questions before that goes out 00:48:35 Brandon Mitchell: Replying to "@Brandon Mitchell I’..." None from me, ship it 00:49:18 Jory Burson (LF): Replying to "@Brandon Mitchell I’..." 30 day period ends on March 1, FYI 00:57:26 Brandon Mitchell: https://github.com/kubernetes-sigs/node-feature-discovery/releases/tag/v0.17.0 01:02:19 Ramkumar Chinchani: ntd ## January 23, 2025 **Recording**: https://youtu.be/bWmUfnFMmjY ### Attendees: - Tianon - Mike Brown - Ramkumar Chinchani - Brian Goff - Brandon Mitchell - Derek McGowan - Jory Burson - Michael Brown - Samuel Karp ### Actionable Agenda Items: None ### Presentation/Discussion Agenda Items: - distribution-spec needs releases for `actions.yml` to avoid breaking everyone's CI: - <https://github.com/opencontainers/distribution-spec/pull/560> - <https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/> - <https://github.com/opencontainers/distribution-spec/pull/561> - Jory is looking for committee members for Container Plumbing Days at OSS EU - Mike and Brandon volunteered - Request to cut an image-spec release: - External projects want to cleanup their dependencies <https://github.com/opencontainers/image-spec/pull/1189> - Erofs in containerd: <https://github.com/containerd/containerd/pull/10705> - discussed how image selection could work when erofs is seen by older runtimes ### Notes: Notes from the zoom chat: 00:04:12 Ramkumar Chinchani: https://github.com/containerd/containerd/pull/10705 just fyi, if folks not already aware 00:07:45 Brandon Mitchell: https://github.com/opencontainers/image-spec/releases/tag/v1.0.2 00:11:19 Jory Burson (LF): That explains it, I was hanging out in the wrong zoom 🤦‍♀️ 00:18:22 Tianon (he/him): pretty sure the major.minor.patch terminology predates semver 😅 00:25:20 Derek McGowan: Co-located with which event? 00:33:08 Samuel Karp: I won't be able to attend Amsterdam 00:35:47 Mike Brown: container plumbing days / mini summit for oci.. spin it with some AI related projects how does oci enable ___ 00:37:07 Tianon (he/him): "miner patch" 00:41:28 Mike Brown: optimize process for handling oci media types… more than “convert" 00:42:49 Mike Brown: “only one mount is required for each container image instead of one mount per layer " 00:42:54 Mike Brown: interesting ^^ 00:43:29 Samuel Karp: the container mountns only sees one mount that is the rootfs, but we do have more mounts outside the container mountns 00:45:22 Brandon Mitchell: https://github.com/opencontainers/wg-image-compatibility/tree/main/docs/proposals 00:47:45 Brandon Mitchell: https://github.com/opencontainers/image-spec/blob/main/image-index.md 00:50:28 Mike Brown: https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/descriptor.go#L52-L72 00:50:44 Brandon Mitchell: https://github.com/regclient/regclient/pull/775 00:52:28 Mike Brown: ah missed you guys were talking about some new prefer… vs first of a specific match to a set of platform fields 00:52:56 Mike Brown: thought we were going with the later.. for k8s like scenarios 00:56:55 Derek McGowan: https://github.com/containerd/platforms/pull/20 00:58:43 Brian Goff: buildkit... 00:58:51 Brandon Mitchell: My prefer string is ugly https://github.com/regclient/regclient/pull/775/files#diff-fa22c7f98e5449042e7dd1aba9e5cfdfec3e706dad98dbf18f9bec0a65039087R134-R138 01:01:20 Mike Brown: standards .. he who merges first.. 01:01:20 Jory Burson (LF): I have to drop, talk to you folks soon! 01:02:56 Mike Brown: where I get nervous is trying to “partial” match or match one way before using a field and a different way after updating a tool 01:05:40 Samuel Karp: have to drop now ## January 16, 2025 **Recording**: https://youtu.be/SrYt6Y2GnX0 ### Attendees: - Brandon Mitchell - Jory Burson - Sajay Antony - Joseph Ferguson - Ramkumar Chinchani Regrets: - Mike Brown (can't attend today containerd summit) ### Actionable Agenda Items: None ### Presentation/Discussion Agenda Items: - Jory still needs one TM board member to vote for budget - Planning for container plumbing days / August mini-summit - go-digest dropped sha384: <https://github.com/opencontainers/go-digest/pull/97> - Discussing blake3 and mixed content - os.features syntax: <https://github.com/opencontainers/image-spec/issues/1237> - Should Gradle implementation be added: <https://github.com/opencontainers/image-spec/pull/1156> - Should layers like estargz be defined by the spec: <https://github.com/opencontainers/image-spec/pull/877> - Don't want to standardize stuff documented outside of OCI, but it would be good to document the OCI media types, annotations, and validation process. - Should we update release steps to update specs web page: <https://github.com/opencontainers/specs.opencontainers.org/pull/7> - No objection to sending a PR for release steps, few know this page exists. - Canonical JSON could use more opinions: <https://github.com/opencontainers/image-spec/issues/1226> - Ram would like to see Go implementations output canonical JSON ### Notes: Notes from the zoom chat: 00:16:46 Brandon Mitchell: Golang discussion on Blake3: https://github.com/golang/go/issues/36632 00:17:30 Brandon Mitchell: Also at https://github.com/golang/go/issues/32447 00:26:33 Sajay Antony: I see the love for Blake3 and want to front load all the conversations with the Security folks. 00:27:05 Sajay Antony: NTD> 00:37:16 Ramkumar Chinchani: https://specs.opencontainers.org/ 00:37:21 Ramkumar Chinchani: ^ this is a real thing? ## January 9, 2025 **Recording**: https://youtu.be/FwppRjliSb0 ### Attendees: - Tianon - Brian Goff - Brandon Klein - Brandon Mitchell - Sajay Antony - Mike Brown - Jory Burson - Samuel Karp ### Actionable Agenda Items: - Ready for review - <https://github.com/opencontainers/image-spec/pull/1225> - <https://github.com/opencontainers/image-spec/pull/1227> - <https://github.com/opencontainers/image-spec/pull/1228> - <https://github.com/opencontainers/image-spec/pull/1229> - <https://github.com/opencontainers/image-spec/pull/1230> ### Presentation/Discussion Agenda Items: - Annotation for artwork: <https://github.com/opencontainers/image-spec/issues/1231> - Trailing spec vs trailing implementations: <https://github.com/opencontainers/distribution-spec/issues/485> ### Notes: Notes from zoom chat: 00:04:34 Tianon (he/him): ouch 00:04:40 Tianon (he/him): I'm losing feeling in my toes just thinking about that 00:05:40 Tianon (he/him): I used to live in a place that gets snow, and now I live in Las Vegas, and that's very much not a coincidence 00:10:23 Brian Goff: referrers 🙂 00:13:16 Tianon (he/him): plop a new entry in the index; platform: { os: "metadata", architecture: "logo" } 00:13:25 Tianon (he/him): Replying to "plop a new entry in ..." (for the avoidance of doubt, this is mostly trolling Brandon) 00:17:20 Brandon Mitchell: https://oci.dag.dev/ 00:18:02 Tianon (he/him): Replying to "https://oci.dag.dev/..." OSS, too: https://github.com/jonjohnsonjr/dagdotdev 00:18:11 Tianon (he/him): Replying to "https://oci.dag.dev/..." (so you can run your own instance and access private data, if you need to) 00:19:18 Tianon (he/him): make the registry accept otherwise-invalid tags like xxx:_metadata to store repo-level data 👀 00:22:38 Sajay Antony: Replying to "make the registry ac..." Yep we agreed on some tag like that to have teams push their repo metadata to have the front end expose the content on the UX. 00:24:37 Mike Brown: sure would be nice if someone open sourced their registry api 00:25:05 Tianon (he/him): Replying to "sure would be nice i..." https://pkg.go.dev/cuelabs.dev/go/oci/ociregistry 00:26:17 Sajay Antony: Docker Blue .... 😂 00:26:23 Brandon Mitchell: https://github.com/opencontainers/distribution-spec/issues/485 00:26:30 Brian Goff: Is the API for Hub even published? 00:26:53 Jory Burson (LF): That’s the funniest thing I’ve heard in a long while 00:27:35 Tianon (he/him): Replying to "That’s the funniest ..." gonna quit tech and become a comedian ❤️ 00:29:53 Jory Burson (LF): I will have to drop at the half hour but my update is that I don’t have any updates today! The Trademark Board is missing a vote or two to finish ratifying OCI’s budget. But that’s it! 00:34:17 Samuel Karp: https://github.com/opencontainers/tob#members 00:39:58 Tianon (he/him): I don't know anyone with an affinity for old software (cough https://github.com/tianon/oci-schema1 cough) 00:42:31 Brian Goff: That's some jq 00:46:16 Brandon Mitchell: https://github.com/opencontainers/distribution-spec/pull/391 00:47:51 Samuel Karp: Mute? 00:49:52 Sajay Antony: zoom is messing me with. compounded with remote machine. 00:50:38 Brandon Mitchell: https://github.com/opencontainers/image-spec/pull/1225 00:50:40 Sajay Antony: I'll take a look at 1225. ## January 2, 2025 Canceled for holidays ## December 26, 2024 Canceled for holidays ## December 19, 2024 **Recording**: https://youtu.be/sjSFqoQTElw ### Attendees: - Brandon Mitchell - Jory Burson - Ramkumar Chinchani - Brian Goff - Samuel Karp ### Actionable Agenda Items: - Ready for review - <https://github.com/opencontainers/image-spec/pull/1225> - <https://github.com/opencontainers/image-spec/pull/1227> - <https://github.com/opencontainers/image-spec/pull/1228> - <https://github.com/opencontainers/image-spec/pull/1229> ### Presentation/Discussion Agenda Items: - Security announce addition, is this the public or maintainer mailing list? - <https://groups.google.com/a/opencontainers.org/g/tob/c/VaFB-VeL5ko> - Jory: this is likely an embargo list, not public, and not the internal maintainer list - Replacing Container Plumbing Days event with OSSummit event: - EU event already scheduled: <https://events.linuxfoundation.org/container-plumbing-days/> - Adjacent to OSSummit EU: <https://events.linuxfoundation.org/open-source-summit-europe/> - Proposal for Thursday or Friday half day event: <https://events.linuxfoundation.org/open-source-summit-north-america/program/schedule-at-a-glance/> - CFP, prepared maintainer talks, BOF, or some other format? - Jory: Managed by OSSummit organizers, CFPs reviewed by trademark board members, and open to others. - Canonical JSON: - <https://github.com/opencontainers/image-spec/issues/1226> - Next two meetings canceled for holidays ### Notes: From the zoom chat: 00:19:20 Brian Goff: If it was Seattle... I was probably there, but I don't recall. 00:19:36 Brian Goff: Replying to "If it was Seattle......" So helpful 🙂 00:19:37 Ramkumar Chinchani: fat fingers! 00:19:52 Ramkumar Chinchani: just going over the agenda items 00:21:24 Brandon Mitchell: https://containerplumbing.org/videos 00:24:12 Brian Goff: I would love to go, but life says probably otherwise. 00:41:58 Brandon Mitchell: https://datatracker.ietf.org/doc/html/rfc6919 00:42:03 Brian Goff: Love Levitz ## December 12, 2024 **Recording**: https://youtu.be/CUyH319O9hM ### Attendees: - Brandon Mitchell - Michael Brown - Tianon - Ramkumar Chinchani - Jory Burson - Brian Goff - Mike Brown - Sajay Antony ### Actionable Agenda Items: - Ready for review - <https://github.com/opencontainers/oci-conformance/pull/124> - <https://github.com/opencontainers/distribution-spec/pull/556> - Mike: LGTM merged.. ### Presentation/Discussion Agenda Items: - Ram's demo of Stacker with a new layer type (TBD?) - Looking at soci, squashfs, and erofs - Building image with Stacker: <https://github.com/project-stacker/stacker> - Mounting layers with Atomfs: <https://github.com/project-machine/atomfs> - Should distribution-spec be changed to require registries rescan every manifest when adding referrers support? - Reference: <https://github.com/moby/buildkit/pull/5573> - Mixing digest algorithms, should spec be updated with clarification? - <https://github.com/opencontainers/image-spec/issues/874> - Policy for supporting Go releases - <https://github.com/opencontainers/image-spec/issues/899> - runc v1.2.3 released: <https://github.com/opencontainers/runc/releases/tag/v1.2.3> ### Notes: - Planning to cancel the Dec 26 and Jan 2 meetings. From the zoom chat: 00:07:49 Sajay Antony: Yes I remember we agreed on the using the digest tag. But then its guidance only. 00:12:50 Sajay Antony: There is in general a lot of new content given all the security push. 00:14:06 Brian Goff: Graphic 00:15:14 Sajay Antony: I'd vote for removing the fallback tag in 2.0 and leave the world to settle for the next 6 months+ 00:17:47 Sajay Antony: Zoom doing its thing 00:20:37 Sajay Antony: Ah .. build on a base image is interesting. 00:30:21 Jory Burson (LF): I have to drop at the half hour but wanted to share a few Back of House updates for you all: 1) the trademark board is currently voting on the 2025 budget 🎉 2) related to above, they are keeping an allocation of $25k for software development work - to the extent that we want to make progress on the conformance site this year that budget remains 3) (will follow up on this in chat, too) - the Container Plumbing event that we sponsored last year was over budget, and Chris would like to see us use our budget do host an OCI “mini-summit” instead (cheaper) at OSSNA 00:31:49 Jory Burson (LF): and last but not least, would you all like to do a blog post summarizing the outcome of the election 00:32:37 Jory Burson (LF): Slack me! and See you all next week 🎉 00:40:18 Sajay Antony: Really cool stuff @Ramkumar Chinchani. 00:40:43 Sajay Antony: NTD. Stayed longer than I should. 00:42:43 Ramkumar Chinchani: https://www.cyphar.com/blog/post/20190121-ociv2-images-i-tar 00:45:59 Brandon Mitchell: https://events.linuxfoundation.org/open-source-summit-north-america/ 00:46:59 Tianon (he/him): maybe worth talking about holiday time? FWIW, I'll be out of office for the rest of the year, so I'll see y'all in Jan 👀 ## December 5, 2024 **Recording**: https://youtu.be/o918_rZ5I_A ### Attendees: - Tianon - Brandon Mitchell - Jon Johnson - Peter Treese - Erin Barratt - Brian Goff - Syed Ahmed ### Actionable Agenda Items: - Review needed: - Hard link limitations: <https://github.com/opencontainers/image-spec/pull/1211> ### Presentation/Discussion Agenda Items: - KEP-4639 is resulting in groups creating invalid OCI Images with OCI Artifact functionality - <https://github.com/CloudNativeAI/model-spec/blob/main/docs/spec.md> - <https://github.com/opencontainers/image-spec/blob/main/manifest.md#guidelines-for-artifact-usage> - <https://github.com/kubernetes/enhancements/issues/4639> - TOB Election results: <https://github.com/opencontainers/tob/issues/145#issuecomment-2515665252> ### Notes: From the zoom chat: 00:01:05 Peter Treese: Hello from Baltimore 00:03:13 Brandon Mitchell: https://hackmd.io/El8Dd2xrTlCaCG59ns5cwg?both# 00:03:23 Brandon Mitchell: I know our paths have crossed a few times in the past 00:05:45 Brandon Mitchell: https://github.com/CloudNativeAI/model-spec/blob/main/docs/spec.md 00:08:54 Brandon Mitchell: https://github.com/opencontainers/image-spec/pull/1197 00:09:22 Brian Goff: If they aren't tar-shaped then it'll be pear-shaped. 00:11:15 Brian Goff: "Straight forward" depending on what standard you are using 🙂 00:17:14 Brandon Mitchell: https://github.com/opencontainers/image-spec/pull/1141 00:23:35 Brian Goff: omg it's been so long. 00:25:21 Brian Goff: Feels good to break the rules. 00:35:03 Brian Goff: Compatability 00:35:41 Brian Goff: As Tianon mentioned earlier, OCI is more or less, what Docker defined 11 years ago. 00:36:47 Brian Goff: Replying to "As Tianon mentioned ..." Not to diminish effort that's been put into OCI, but everything has had to center around the original Docker implementations. 00:39:41 Brian Goff: Replying to "As Tianon mentioned ..." And to add, stuff in OCI tends to bubble up from work done in the runtimes/community rather than handed down from the spec. 00:40:11 Peter Treese: Thank guys. bye 00:50:59 Brian Goff: Parallel pulls/processing. ## November 28, 2024 Canceled, US holiday. ## November 21, 2024 **Recording**: https://youtu.be/nrYorcaWNqE ### Attendees: - Brandon Mitchell - Mike Brown - Tianon Gravi - Samuel Karp - Michael Brown - Brian Goff - Sajay Antony - Ramkumar Chinchani ### Actionable Agenda Items: - No items ### Presentation/Discussion Agenda Items: - Should the namespace specified in the registry proxy be usable in other APIs? - <https://github.com/opencontainers/distribution-spec/pull/66> - Tag listing, referrers, or pushing content to a push-through proxy? - How to reference content with a namespace (should there be a syntax to pull content directly from a proxy with a specific namespace)? - Can this be extended to an OCI Layout reference that stores content from multiple repositories in a single Layout directory? - Skipping next week for US Thanksgiving - Ram wants to demo some new functionality in Stacker with a new layer type next meeting - Looking at soci, squashfs, and erofs - Frontend: <https://github.com/project-stacker/stacker> - Backend: <https://github.com/project-machine/atomfs> ### Notes: Notes from the zoom chat: 00:06:19 Brandon Mitchell: https://github.com/opentofu/libregistry/tree/oci/registryprotocols/ociclient 00:10:46 Sajay Antony: basically pass in the upstream information? 00:12:16 Sajay Antony: Could you share information on the NS parameter? 00:16:34 Sajay Antony: If this is in scope or distribution, I'm trying to understand how a registry operator would use this? [Creating a pull through cache rule in Amazon ECR - Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/pull-through-cache-creating-rule.html) 00:21:21 Mike Brown: https://github.com/opencontainers/distribution-spec/issues/12 00:26:13 Brandon Mitchell: ocidir://path/dir#upstream_repo:tag 00:29:29 Brandon Mitchell: docker pull proxy.example.org#docker.io/proj/image:tag 00:30:59 Sajay Antony: I'm curious if the goal is the expand the distribution spec to be a proxy as well? 00:36:39 Sajay Antony: Its quite a bit of wiring up. I think enabling a proxy for your clusters is a common theme. 00:37:06 Sajay Antony: NTD for the not so fun conflict I have. Miss this group more 🙂 00:37:27 Mike Brown: said another way we are already proxying and need to formalize and secure it between client/registry 00:37:45 Mike Brown: and client/proxy cases 00:43:00 Ramkumar Chinchani: sorry, back from the dentist, left side still numb 00:48:11 Brian Goff: Also need to be able to experiment. 00:49:31 Brandon Mitchell: "Implementations MAY implement SHA-512 digest verification for use in descriptors." is the ultimate incompatibility feature in OCI today. :D 00:50:16 Ramkumar Chinchani: https://github.com/project-stacker/stacker 00:50:29 Ramkumar Chinchani: https://github.com/project-machine/atomfs 00:51:17 Brian Goff: Everyone hates writing json but only some people hate writing yaml. 00:51:44 Brian Goff: (tongue in cheek) 00:52:53 Brandon Mitchell: woot, OCI Layouts! 😀 ## November 14, 2024 Canceled for KubeCon meeting. ## November 12, 2024 - KubeCon US **Recording**: https://youtu.be/iYPf7hyDR5U - Time: Tuesday, Nov 12th, 2:30 - 4:30pm MST - Location: Salt Palace Convention Center | Level 2 | 253AB - Remote zoom (same as weekly): https://zoom.us/j/6449415895?pwd=S2tJVGVra0dYdlZCRjJwdXdPdGRQQT09 ### Attendees: - Brandon Mitchell - Samuel Karp - Mike Brown - Akihiro Suda - Antonio Ojea - Toru Komatsu - Phil Estes - Alexander D. Kanevskiy - Byonggon Chun - Antti Kervinen ### Actionable Agenda Items: - TOB nominations are open: <https://github.com/opencontainers/tob/issues/145> - Any maintainer may nominate, nominees do not need to be a maintainer. ### Presentation/Discussion Agenda Items: - Adding a cgroup repo: <https://github.com/opencontainers/tob/pull/144> - Vote has passed, and repo will be created. - (aojea) Linux network devices: <https://github.com/opencontainers/runtime-spec/pull/1271> - runtime-spec is focused on containers, but networking in K8s is at a pod level - OCI is currently focused on container concerns, Pods are a higher level concern of K8s - Proposing a primitive for netdev creation in a namespace, not prescribing behavior of higher-level layers like containerd/crio or Kubernetes - Mike would like an OCI specification for a set of containers (that would map to shims for pod spec support) - distribution-spec conformance tests - Also suggested that we create an image-spec that validates an OCI Layout (and optionally provide a tool that exports from a registry to an OCI Layout) - Inject MaskedPath without using k8s security context - What is the schedule for releasing new specs - OCI Volumes in K8s ## November 7, 2024 **Recording**: <https://youtu.be/I7U0YbJafXQ> ### Attendees: - Brandon Mitchell - Tianon - Syed Ahmed - Ramkumar Chinchani - Sajay Antony - Samuel Karp - Brian Goff - Jory Burson - Michael Brown ### Actionable Agenda Items: - image-spec reviews needed: - Hard links in union filesystems: <https://github.com/opencontainers/image-spec/pull/1211> - Ignore uname/gname: <https://github.com/opencontainers/image-spec/pull/1212> ### Presentation/Discussion Agenda Items: - containerd released v2.0.0: <https://github.com/containerd/containerd/releases/tag/v2.0.0> - Proposal for cgroup repo forked off from runc: <https://github.com/opencontainers/tob/pull/144> - runc source: <https://github.com/opencontainers/runc/tree/main/libcontainer/cgroups> - Platform in image manifest: <https://github.com/opencontainers/image-spec/issues/1216> ### Notes: Notes from the zoom chat: 00:04:56 Brandon Mitchell: https://github.com/opencontainers/tob/pull/144 00:06:19 Ramkumar Chinchani: Replying to "https://github.com/o..." Cgroups lib but limited to golang? 00:09:39 Brandon Mitchell: https://github.com/opencontainers/image-spec/issues/1216 00:09:41 Sajay Antony: the uid changes, i forgot to submit my review. before. 00:20:17 Jory Burson (LF): containerd - shall we highlight that anywere 00:21:36 Brian Goff: GPT loves to write docs. 00:23:11 Brandon Mitchell: (Oh, and Sajay too, derp) 00:24:53 Brandon Mitchell: https://github.com/opencontainers/tob/issues/118 00:25:20 Samuel Karp: CIVS usually 00:30:05 Tianon (he/him): gonna get gregkh back in here one way or another! 😂 00:30:45 Sajay Antony: This group has been super supportive. 00:37:34 Sajay Antony: Sorry folks need to drop. Have to be in another call. 00:37:36 Ramkumar Chinchani: NTD ## October 31, 2024 **Recording**: https://youtu.be/dqWUxX3fKvI ### Attendees: - Brandon Mitchell - Brandon Klein - Jory Burson - Ramkumar Chinchani - Sajay Antony - Tianon Gravi ### Actionable Agenda Items: - image-spec reviews needed: - Remove master references: <https://github.com/opencontainers/image-spec/pull/1207> - Pin versions on release: <https://github.com/opencontainers/image-spec/pull/1208> - Hard links in union filesystems: <https://github.com/opencontainers/image-spec/pull/1211> - Ignore uname/gname: <https://github.com/opencontainers/image-spec/pull/1212> ### Presentation/Discussion Agenda Items: - Platform in image manifest: <https://github.com/opencontainers/image-spec/issues/1216> - Digest verification requirements: <https://github.com/opencontainers/distribution-spec/pull/556> - Redirects/CDN in dist-spec? : <https://github.com/opencontainers/distribution-spec/issues/299> ### Notes: Notes from the zoom chat: 00:05:51 Tianon (he/him): https://github.com/kolyshkin 00:06:01 Brandon Mitchell: https://github.com/opencontainers/runc/issues/4114 00:10:59 Tianon (he/him): https://jqlang.github.io/jq/manual/v1.6/ 00:11:11 Tianon (he/him): https://jqlang.github.io/jq/ 00:11:44 Tianon (he/him): https://github.com/tianon/debian-bin/blob/7a94f900c5c6974b8c5f6b201034d1b09ae266df/jq/dpkg-version.jq 00:14:26 Brandon Mitchell: https://github.com/opencontainers/image-spec/issues/1216 00:17:09 Ramkumar Chinchani: Replying to "https://github.com/o..." don't we want to stay away from "Config" wrt artifacts? 00:23:17 Ramkumar Chinchani: Replying to "https://github.com/o..." lesser of two bad choices? 00:26:22 Ramkumar Chinchani: Replying to "https://github.com/o..." non-runnable artifacts 00:28:50 Sajay Antony: NTD to drop for cat herding. Will join back if that get's over faster 🙂 00:43:54 Tianon (he/him): https://github.com/distribution/distribution/blob/c427f845035d28faab65a9218407293bd917e7d5/docs/content/about/configuration.md#redirect ## October 24, 2024 **Recording**: https://youtu.be/5W9qXmhWTR4 ### Attendees: - Tianon - Brandon Mitchell - Jory Burson - Derek McGowan - Sajay Antony - Ramkumar Chinchani - Brian Goff ### Actionable Agenda Items: - image-spec reviews needed: - Remove master references: <https://github.com/opencontainers/image-spec/pull/1207> - Pin versions on release: <https://github.com/opencontainers/image-spec/pull/1208> - distribution-spec reviews needed: - Verify digests: <https://github.com/opencontainers/distribution-spec/pull/556> ### Presentation/Discussion Agenda Items: - runc - v1.2.0 released: <https://github.com/opencontainers/runc/releases/tag/v1.2.0> - image-spec: - EOS/Deprecation annotation: <https://github.com/opencontainers/image-spec/pull/903> - os-release annotations: <https://github.com/opencontainers/image-spec/issues/1152> - uname/gname: <https://github.com/opencontainers/image-spec/issues/1210> - hard links across layers: <https://github.com/opencontainers/image-spec/issues/1204> - *Remaining items deferred to a later meeting* - distribution-spec: - Conformance tests: <https://github.com/opencontainers/distribution-spec/issues/548> - TOB: - image-tools archive: <https://github.com/opencontainers/image-tools> - recommendations for repositories: <https://groups.google.com/a/opencontainers.org/g/tob/c/OFimwVDK0Fs> ### Notes: Notes from the zoom chat: 00:19:26 Tianon (he/him): arguably, every image is EOL the minute it's created, right? they can't be updated 🤔 00:19:54 Tianon (he/him): Replying to "arguably, every imag..." "supported" is probably more accurately a feature of tags - ie, "this tag will likely be updated in the future for bug fixes, security updates, etc" 00:25:05 Sajay Antony: Replying to "arguably, every imag..." This is also why we didn't invest too much effort into standardizing this. 00:28:41 Brandon Mitchell: Someone is about to break Tianon's world model: https://ttl.sh/ 00:36:25 Sajay Antony: NTD. Folks. 00:36:29 Sajay Antony: Sorry. 00:38:52 Tianon (he/him): https://github.com/jonjohnsonjr/tarp 00:40:48 Tianon (he/him): Replying to "https://github.com/j..." yeah this reports empty for these layers too, wild; I wonder where it stores the ownership data 🤔 00:44:54 Tianon (he/him): https://github.com/git/git/blob/fd3785337beb285ed7fd67ce6fc3d3bed2097b40/archive-tar.c#L229-L232 00:57:00 Brandon Mitchell: https://github.com/opencontainers/image-spec/blob/main/layer.md#hardlinks 00:58:45 Tianon (he/him): I tried to replicate with `<<<$'FROM bash\nRUN echo hi > foo.txt\nRUN ln foo.txt bar.txt'` and the end result makes bar.txt a copy of foo.txt, not a hard link 00:59:02 Tianon (he/him): Replying to "I tried to replicate..." (confirming our expectations) 00:59:11 Brian Goff: Nope ## October 17, 2024 **Recording**: https://youtu.be/NQflxFMrwqI ### Attendees: - Brandon Mitchell - Philip Laine - Tianon - Ramkumar Chinchani - Brian Goff - Sajay Antony - Mike Brown ### Actionable Agenda Items: - None ### Presentation/Discussion Agenda Items: - Registry proxying: <https://github.com/opencontainers/distribution-spec/pull/66> - TOB votes and open discussions: - archive image-tools: <https://groups.google.com/a/opencontainers.org/g/tob/c/PPFdx36D9u0> - code of conduct: <https://groups.google.com/a/opencontainers.org/g/tob/c/KAzq5Fnzg5Y> - <https://github.com/opencontainers/.github/pull/61> - defining repo standards: <https://groups.google.com/a/opencontainers.org/g/tob/c/OFimwVDK0Fs> - Remove references to master in image-spec: <https://github.com/opencontainers/image-spec/pull/1207> - Update image-spec release to pin external spec versions: <https://github.com/opencontainers/image-spec/pull/1208> - EOS/Deprecation annotation discussions: - <https://github.com/opencontainers/image-spec/pull/903> - <https://github.com/opencontainers/image-spec/issues/1152> - Mike: K8s mounting artifacts as volume - they plan to add artifact support next - Clients should verify requested digest: <https://github.com/opencontainers/distribution-spec/pull/556> - Content ideas for KubeCon meeting? ### Notes: From the zoom chat: 00:05:41 Philip Laine: https://github.com/opencontainers/distribution-spec/pull/66 00:08:26 Brandon Mitchell: The slack join link is here: https://opencontainers.org/community/overview/ 00:36:46 Sajay Antony: This is so interesting. I need to drop for a standing conflict. Erlang versioning I need to read up. 00:40:34 Brandon Mitchell: https://github.com/opencontainers/image-spec/pull/1197 00:45:44 Sajay Antony: Managed to get out of that meeting 🙂 00:50:38 Sajay Antony: folks have been working on CRI signature and other item validations. 00:51:29 Brandon Mitchell: custom extensions for that make a lot of sense, I worry about it getting into the k8s api directly 00:54:11 Brandon Mitchell: https://github.com/opencontainers/image-spec/pull/970 00:59:02 Brandon Mitchell: Now I'm triggered 01:01:44 Sajay Antony: atomic referrer put API, Latest referrer of an artifactType 01:02:03 Sajay Antony: Fun stuff later folks. ## October 10, 2024 **Recording**: https://youtu.be/jur-zCrG61E ### Attendees: - Tianon - Brandon Mitchell - Sajay Antony - Brian Goff - Ramkumar Chanchani ### Actionable Agenda Items: - none ### Presentation/Discussion Agenda Items: - none ### Notes: - Mentioned open TOB votes - <https://groups.google.com/a/opencontainers.org/g/tob/c/OFimwVDK0Fs> - Call to action: add agenda items for KubeCon meeting - Short meeting, no agenda ## October 3, 2024 **Recording**: https://youtu.be/e7kLLkLvYCE ### Attendees: - Brian Goff - Syed Ahmed - Brandon Klein - Joseph Ferguson - Michael Brown - Ramkumar Chanchani - Jory Burson - Sajay Antony - Brandon Mitchell ### Actionable Agenda Items: - TOB Vote to archive image-tools: - <https://github.com/opencontainers/image-tools> - <https://groups.google.com/a/opencontainers.org/g/tob/c/PPFdx36D9u0> - TOB Vote to update Code of Conduct: - <https://github.com/opencontainers/.github/pull/61> - <https://groups.google.com/a/opencontainers.org/g/tob/c/KAzq5Fnzg5Y> ### Presentation/Discussion Agenda Items: - Brandon: How should auth be setup in the OCI GitHub repos - Various teams list people that haven't been involved in the project for a long time - Archived projects still have admin access to shared repositories - Inconsistent access between spec maintainers on shared repositories - Jory has a room at KubeCon on Tuesday, OCI calendar has been updated ### Notes: From the zoom chat: 00:06:45 Brandon Mitchell: https://groups.google.com/a/opencontainers.org/g/tob 00:07:32 Brandon Mitchell: https://github.com/opencontainers/image-tools 00:08:40 Sajay Antony: Sounds good. 00:08:48 Sajay Antony: Will reply. 00:12:41 Brandon Mitchell: https://github.com/orgs/opencontainers/teams 00:18:16 Brandon Mitchell: https://github.com/orgs/opencontainers/teams/website ## September 26, 2024 **Recording**: https://youtu.be/SWQMmkaNWvQ ### Attendees: - Brandon Mitchell - Tianon - Ramkumar Chinchani - Brian Goff - Jory Burson - Syed Ahmed - Victor Lu ### Actionable Agenda Items: - Fixing endpoint status codes: <https://github.com/opencontainers/distribution-spec/pull/555> ### Presentation/Discussion Agenda Items: - Hard links between layers? <https://github.com/opencontainers/image-spec/issues/1204> ### Notes: From the zoom chat: 00:05:51 Jory Burson (LF): https://youtu.be/rvrZJ5C_Nwg?t=130 00:06:50 Brandon Mitchell: So a blurry affiliation. 00:07:05 Jory Burson (LF): https://docs.google.com/document/d/1tHcSsCwlIPRr6RKaCxtY2yCMl-0Nc9PVXX-jeVmYutk/edit 00:09:57 Tianon (he/him): on the timing discussion Brandon and I were having, OCI and CNCF were both ostensibly created/announced in June 2015, although OCI had immediate action in July and CNCF didn't do much until the following year (which tracks with the "what are we?" early confusion CNCF had that I was mentioning) 00:10:39 Ramkumar Chinchani: CNCF got it right by creating a formal project onboarding process 00:13:00 Tianon (he/him): Replying to "CNCF got it right by..." for OCI, that's really more of a reflection of OCI's purpose and focus - it was never intended to be a collection of projects, but rather a place to collaborate and coordinate on the very low-level bits 00:14:20 Brandon Mitchell: Reacted to "for OCI, that's real..." with ➕ 00:15:20 Brian Goff: lol, answering other people's questions. 00:16:16 Brian Goff: No, no history on hardlinks between layers here. 00:17:58 Tianon (he/him): I've sent a ping out to more Moby project maintainers to see if anyone there is willing to chime in on hard links between layers (although not holding my breath; this is a pretty hefty edge case scenario 😄) 00:19:39 Brian Goff: Replying to "I've sent a ping out..." Yeah, I imagine a lot of 🤷 ## September 19, 2024 **Recording**: https://youtu.be/7B4WAZfsB4A ### Attendees: - Tianon - Brandon Mitchell - Mike Brown - Sajay Antony - Brian Goff - Samuel Karp - Syed Ahmed ### Actionable Agenda Items: - zstd support: <https://github.com/opencontainers/image-spec/pull/1198> - distribution-spec release process: <https://github.com/opencontainers/distribution-spec/pull/460> ### Presentation/Discussion Agenda Items: - Proposed KubeCon room: Wednesday, Nov 13, 2:30-4:30pm MST - Sam to follow up and see whether we can have a room on Tuesday instead - OCI VolumeSource KEP - Mention of artifacts seems to cause confusion as the KEP generally just supports images ### Notes: From the zoom chat: 00:13:42 Brian Goff: Nope 00:17:42 Sajay Antony: I'm actually really excited to see that KEP materialize. 00:21:25 Sajay Antony: Volumes all the way down. 00:24:55 Brandon Mitchell: https://docs.google.com/document/d/1E7iKPOuyA1jxPe8vDG8aPd8jtnCEbpDpCifXDvDCnA0/edit# 00:29:25 Brandon Mitchell: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/4639-oci-volume-source#non-goals 00:29:50 Brandon Mitchell: "Manifest list use cases are left out for now and will be restricted to matching architecture like we do today for images." I may have misread that 00:30:06 Tianon (he/him): Replying to ""Manifest list use c..." yeah that sounds correct IMO 00:30:40 Tianon (he/him): Replying to ""Manifest list use c..." but the whole discussion has me thinking about how interesting it might be to have the runtime/orchestrator mount an OCI layout inside a container 🤔 00:34:39 Sajay Antony: layers are blobs. 00:34:55 Sajay Antony: but for image its clearly defined. 00:38:23 Brian Goff: So OCI is now a nix store 00:39:25 Sajay Antony: Glad we put in the limit. 00:39:31 Sajay Antony: Need to drop folks. 00:40:49 Brian Goff: Now you just need a mat with different conclusions that you can jump to. 00:41:08 Brian Goff: Replying to "Now you just need a ..." That's an "Office Space" reference ## September 12, 2024 **Recording**: https://youtu.be/8usYqCou9TU ### Attendees: - Tianon - Brandon Mitchell - Ramkumar Chinchani - Sajay Antony - Brian Goff ### Actionable Agenda Items: - nondistributable layers deprecation: <https://github.com/opencontainers/image-spec/pull/1200> - zstd support: <https://github.com/opencontainers/image-spec/pull/1198> - distribution-spec release process: <https://github.com/opencontainers/distribution-spec/pull/460> ### Presentation/Discussion Agenda Items: - Raw image layers: <https://github.com/opencontainers/image-spec/pull/1197> - URLs field: <https://github.com/opencontainers/image-spec/issues/1201> ### Notes: - Blake3 status - PR to update support isn't seeing traction <https://github.com/opencontainers/go-digest/pull/66> - go-digest hasn't had a release in a long while, so support in existing projects requires an import of a commit - Adding this to go-digest means an added dependency to every user of the project - Ideally, this could make it into the Go stdlib, but even making it into x/crypto is blocked waiting for the standard to mature: <https://github.com/golang/go/issues/36632> - Once supported, changes to the distribution-spec APIs would be needed to allow clients to push manifests and blobs with a different digest algorithms. Zoom chat: 00:16:02 Ramkumar Chinchani: basically, http download something and bind-mount into container 00:16:52 Sajay Antony: Tianon , you bring the Joy. 00:17:23 Tianon (he/him): Replying to "Tianon , you bring t..." I try so hard - these meetings can be so dry sometimes and I want us to remember we're people 😄 00:21:14 Brandon Mitchell: I like how Non-distributable layers says that they may include URLs but that it doesn't determine non-distributable: https://github.com/opencontainers/image-spec/blob/main/layer.md#non-distributable-layers 00:22:17 Sajay Antony: Ah the OCI - docker - same difference. 00:22:27 Ramkumar Chinchani: https://sysdig.com/blog/exploit-detect-mitigate-log4j-cve/ 00:25:04 Brandon Mitchell: https://github.com/opencontainers/image-spec/pull/442 00:27:19 Sajay Antony: Oh wow song download with multiple formats indexes would be cool. 00:27:32 Tianon (he/him): no interesting references to urls in https://github.com/opencontainers/distribution-spec/commit/c90b0f145ac6bc09d2636ee214486ac333edc284 00:32:39 Brian Goff: I don't think we talked about it last week and I missed the week before. Anything new re: Blake3? 00:34:34 Sajay Antony: Is there a way for Buildkit to produce Blake3 already? 00:34:51 Brian Goff: Replying to "Is there a way for B..." Nope. 00:36:54 Brandon Mitchell: https://github.com/opencontainers/go-digest/pull/66 00:37:06 Tianon (he/him): one* PR away! 😂 00:37:12 Brian Goff: Sorry, missed the last few minutes due to school calling me. 00:37:19 Tianon (he/him): Replying to "Is there a way for B..." *actual number may vary 00:37:33 Tianon (he/him): (talk to your doctor Docker to see if PRs are right for you) 00:39:12 Brian Goff: Same (re: 3rd party lib) 00:40:29 Tianon (he/him): https://github.com/golang/go/issues/36632 NTD for another meeting.tony: Sounds like Brian is signing up for championing blake3 😂 ## September 5, 2024 **Recording**: https://youtu.be/OFyzjajQ7gk ### Attendees: - Brian Goff - Jory Burson - Brandon Mitchell - Syed Ahmed - Ramkumar Chanchani - Tianon - Sajay Antony - Mike Brown - Brandon Klein ### Actionable Agenda Items: - Request for feedback on index entries <https://github.com/opencontainers/distribution-spec/issues/550> ### Presentation/Discussion Agenda Items: - Remaining items for zstd support <https://github.com/opencontainers/image-spec/issues/803> - Action: Opened <https://github.com/opencontainers/image-spec/pull/1198> - Deleting by tag: <https://github.com/opencontainers/distribution-spec/issues/551> - Action: Opened <https://github.com/opencontainers/distribution-spec/pull/552> ### Notes: From the zoom chat: 00:03:31 Brian Goff: 2nd day of school for the kids and I'm already done this morning. 00:05:47 Tianon (he/him): and the buildkit issue is "fixed" but the fix isn't enabled by default (it's opt-in 🙃) 00:06:58 Brandon Mitchell: https://github.com/opencontainers/image-spec/issues/803 00:07:28 Brian Goff: lol I think its easier to say "z-standard" then it is to say "z-s-t-d" 00:08:19 Tianon (he/him): Replying to "lol I think its easi..." "zee studd" slurring the u a bit, for the cursed option 00:10:54 Brian Goff: +1 should 00:15:04 Sajay Antony: content Negotiation per blob? 00:19:58 Mike Brown: IMO.. on the 803 PR use plain language in a note: regarding some registries and clients MAY also… and explain that this is optional and may not be supported in all 1.0/1.1 image manifest implementations 00:32:15 Brian Goff: We have 2 digests now. 00:32:50 Brian Goff: Probably also don't need 2 digests if you can verify the uncompressed blob digest. 00:33:00 Brian Goff: (with transport compression) 00:38:31 Sajay Antony: Need to drop for some fun compliance work discussions 00:46:56 Jory Burson (LF): Back to school! 00:49:42 Brian Goff: 🎤 00:49:57 Jory Burson (LF): Oh captain my captain! 00:52:20 Mike Brown: https://github.com/opencontainers/image-spec/pull/775 00:52:21 Tianon (he/him): it's probably not productive to say "a compelling reason to get the marginal gains of zstd" in the things we're missing? 😂 00:53:00 Brian Goff: /me writes a 2nd thing called zstd 00:53:53 Brandon Mitchell: Embrace, extend, confuse 00:54:19 Brandon Mitchell: https://github.com/opencontainers/distribution-spec/issues/551 00:55:35 Mike Brown: 775 may be controversial but: “Container Runtimes Implemented and upstreamed for containerd stack containerd (1.3+) https://github.com/containerd/imgcrypt Implemented and upstreamed for RedHat stack cri-o 1.17+ buildah 1.5+ skopeo“ ## April 2024 - March 2025 Call Logs The sixth year of archived call logs is located on OCI GitHub as [oci-weekly-notes-2024-apr-2025-mar.md](https://github.com/opencontainers/.github/blob/main/meeting-notes/oci-weekly-notes-2024-apr-2025-mar.md). ## April 2023 - March 2024 Call Logs The fifth year of archived call logs is located on OCI GitHub as [oci-weekly-notes-2023-apr-2024-mar.md](https://github.com/opencontainers/.github/blob/main/meeting-notes/oci-weekly-notes-2023-apr-2024-mar.md). ## April 2022 - March 2023 Call Logs The fourth year of archived call logs is located on OCI GitHub as [oci-weekly-notes-2022-apr-2023-mar.md](https://github.com/opencontainers/.github/blob/main/meeting-notes/oci-weekly-notes-2022-apr-2023-mar.md). ## April 2021 - March 2022 Call Logs The third year of archived call logs is located on OCI GitHub as [oci-weekly-notes-2021-apr-2022-mar.md](https://github.com/opencontainers/.github/blob/main/meeting-notes/oci-weekly-notes-2021-apr-2022-mar.md). ## April 2020 - March 2021 Call Logs The second year of archived call logs is located on OCI GitHub as [oci-weekly-notes-2020-apr-2021-mar.md](https://github.com/opencontainers/.github/blob/main/meeting-notes/oci-weekly-notes-2020-apr-2021-mar.md). ## March 2019 - March 2020 Call Logs Older call logs are archived on the OCI GitHub [here](https://github.com/opencontainers/.github/blob/main/meeting-notes/oci-weekly-notes-2019-mar-2020-mar.md) covering March 2019 - March 2020. ## Template ## Meeting Date ### Attendees: - _add yourself_ ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - _add your items_ ### Notes: - _add your notes_

Import from clipboard

Advanced permission required

Your current role can only read. Ask the system administrator to acquire write and comment permission.

This team is disabled

Sorry, this team is disabled. You can't edit this note.

This note is locked

Sorry, only owner can edit this note.

Reach the limit

Sorry, you've reached the max length this note can be.
Please reduce the content or divide it to more notes, thank you!

Import from Gist

Import from Snippet

or

Export to Snippet

Are you sure?

Do you really want to delete this note?
All users will lose their connection.

Create a note from template

Create a note from template

Oops...
This template is not available.
Upgrade
All
  • All
  • Team
No template found.

Create custom template

Upgrade

Delete template

Do you really want to delete this template?
Turn this template into a regular note and keep its content, versions, and comments.

This page need refresh

You have an incompatible client version.
Refresh to update.
New version available!
See releases notes here
Refresh to enjoy new features.
Your user state has changed.
Refresh to load new user state.

Sign in

Forgot password

or

By clicking below, you agree to our terms of service.

Sign in via Facebook Sign in via Twitter Sign in via GitHub Sign in via Dropbox Sign in with Wallet
Wallet ( )
Connect another wallet

New to HackMD? Sign up

Help

  • English
  • 中文
  • Français
  • Deutsch
  • 日本語
  • Español
  • Català
  • Ελληνικά
  • Português
  • italiano
  • Türkçe
  • Русский
  • Nederlands
  • hrvatski jezik
  • język polski
  • Українська
  • हिन्दी
  • svenska
  • Esperanto
  • dansk

Documents

Tutorials

Book Mode Tutorial

Slide Mode Tutorial

Contacts

Facebook

Twitter

Discord

Feedback

Send us email

Resources

Releases

Pricing

Blog

Policy

Terms

Privacy

Cheatsheet

Syntax Example Reference
# Header Header 基本排版
- Unordered List
  • Unordered List
1. Ordered List
  1. Ordered List
- [ ] Todo List
  • Todo List
> Blockquote
Blockquote
**Bold font** Bold font
*Italics font* Italics font
~~Strikethrough~~ Strikethrough
19^th^ 19th
H~2~O H2O
++Inserted text++ Inserted text
==Marked text== Marked text
[link text](https:// "title") Link
![image alt](https:// "title") Image
`Code` Code 在筆記中貼入程式碼
```javascript
var i = 0;
```		 
var i = 0;
:smile: :smile: Emoji list
{%youtube youtube_id %} Externals
$L^aT_eX$ LaTeX
:::info
This is a alert area.
:::

This is a alert area.

Versions and GitHub Sync

Sign in to link this note to GitHub Learn more
This note is not linked with GitHub Learn more
 
Add badge Pull Push GitHub Link Settings
Upgrade now

Version named by    

More Less
  • Edit
  • Delete

Note content is identical to the latest version.
Compare with
    Choose a version
    No search result
    Version not found

Feedback

Submission failed, please try again

Thanks for your support.

On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?

Please give us some advice and help us improve HackMD.

 

Thanks for your feedback

Remove version name

Do you want to remove this version name and description?

Transfer ownership

Transfer to
    Warning: is a public team. If you transfer note to this team, everyone on the web can find and read this note.

      Link with GitHub

      Please authorize HackMD on GitHub
      • Please sign in to GitHub and install the HackMD app on your GitHub repo.
      • HackMD links with GitHub through a GitHub App. You can choose which repo to install our App.
      Learn more  Sign in to GitHub

      Push the note to GitHub Push to GitHub Pull a file from GitHub

        Authorize again
       

      Choose which file to push to

      Select repo
      Refresh Authorize more repos
      Select branch
      Select file
      Select branch
      Choose version(s) to push
      • Save a new version and push
      • Choose from existing versions
      Include title and tags
      Available push count

      Upgrade

      Pull from GitHub

       
      File from GitHub
      File from HackMD

      GitHub Link Settings

      File linked

      Linked by
      File path
      Last synced branch
      Available push count

      Upgrade

      Danger Zone

      Unlink
      You will no longer receive notification when GitHub file changes after unlink.

      Syncing

      Push failed

      Push successfully