# OCI Weekly Discussion ###### tags: `oci` `discussion` Time: 1700 GMT (1300 EST; 1000 PST; 1900 CET; 0300 AEST; 0100 CST) - [OCI Calendar](https://calendar.google.com/calendar/b/2/r?cid=bGludXhmb3VuZGF0aW9uLm9yZ19pMHNhZG8waTM3ZWtuYXI1MXZzdThtZDVoZ0Bncm91cC5jYWxlbmRhci5nb29nbGUuY29t) - [Conference URL](https://zoom.us/j/6449415895?pwd=S2tJVGVra0dYdlZCRjJwdXdPdGRQQT09) with embedded passcode - One tap mobile [+16465588656,,6449415895#](+16465588656,,6449415895#) US (New York) [+16699006833,,6449415895#](+16699006833,,6449415895#) US (San Jose) Passcode: 77777 *(5 7's)* Dial by your location +1 646 558 8656 US (New York) +1 669 900 6833 US (San Jose) 877 369 0926 US Toll-free 855 880 1246 US Toll-free Meeting ID: 644 941 5895 Find your local number: https://zoom.us/u/aLDk4OXTu Working groups:p - Auth: <https://hackmd.io/YyhWh7X_RuCod0i0mGxVLg> - Image Compatibility: <https://hackmd.io/060HKC3DTV-NzzewNQbHCg> - FreeBSD: <https://hackmd.io/hq_NOVL4RZS7xYYMqfJ6-A> *template at the bottom* ## February 5, 2026 **Recording**: https://youtu.be/leBTsXJhkTI ### Attendees: - Samuel Karp - Jeff Carter - Tianon - Brandon Mitchell - Sajay Antony - Ramkumar Chinchani - Shaon Hossain - Syed Ahmed ### Actionable Agenda Items: - distribution-spec blob put with invalid range: <https://github.com/opencontainers/distribution-spec/pull/593> - Docker-Content-Digest header: <https://github.com/opencontainers/distribution-spec/pull/595> ### Presentation/Discussion Agenda Items: - image-spec platforms: <https://github.com/opencontainers/image-spec/pull/1305> - Licensing headers: <https://github.com/opencontainers/tob/issues/151> - LF needed: - TOB election status: <https://github.com/opencontainers/tob/issues/148> ### Notes: Notes from the zoom chat: 00:09:28 Brandon Mitchell: https://github.com/opencontainers/image-spec/pull/1305 00:11:02 Sajay Antony: Replying to "https://github.com/o..." +1 on your response 00:11:33 Tianon: I should probably footnote that comment with the fact that for all of my personal builds of anything containerd-adjacent, I patch that normalization code to be explicit about v8 for arm64 because implicit values suck, especially when they're embedded in an image 00:12:33 Tianon: https://github.com/containerd/platforms/blob/2e51fd9435bd985e1753954b24f4b0453f4e4767/database.go#L76 ## January 29, 2026 **Recording**: https://youtu.be/XEFNm7yyoAY ### Attendees: - Brandon Mitchell - Tianon - Syed Ahmed - Derek McGowan - Jeff Carter - Samuel Karp - Brian Goff - Shaon Hossian - Sajay Antony ### Actionable Agenda Items: - Review needed to archive minutes: <https://github.com/opencontainers/.github/pull/68> - distribution-spec cancel endpoint: <https://github.com/opencontainers/distribution-spec/pull/594> - distribution-spec blob put with invalid range: <https://github.com/opencontainers/distribution-spec/pull/593> ### Presentation/Discussion Agenda Items: - Docker-Content-Digest header: - <https://github.com/opencontainers/distribution-spec/pull/595> - Context: <https://github.com/opencontainers/distribution-spec/pull/543#discussion_r2693119425> - LF needed: - TOB election status: <https://github.com/opencontainers/tob/issues/148> - Licensing headers are inconsistent: <https://github.com/opencontainers/tob/issues/151> ### Notes: Notes from the zoom chat: 00:07:41 Shaon Hossain: +1 calendar year 00:10:45 Tianon: I'd probably say "reasonably" instead of "safely" but that's some very fine hair splitting 00:11:18 Sajay Antony: Do we say anywhere its "algo:digest" ? 00:11:27 Sajay Antony: or just digest 00:12:25 Tianon: Replying to "Do we say anywhere i..." https://github.com/opencontainers/image-spec/blob/v1.1.1/descriptor.md#digests (not sure if the dist-spec references this explicitly, but if not, it probably should) 00:14:08 Sajay Antony: Replying to "Do we say anywhere i..." Great there is a big header "Digests" 🙂 00:14:45 Tianon: Replying to "Do we say anywhere i..." - **Digest**: a unique identifier created from a cryptographic hash of a Blob's content. Digests are defined under the OCI Image Spec ^{[apdx-3](#appendix)} 00:14:48 Tianon: Replying to "Do we say anywhere i..." in the dist-spec 00:15:15 Tianon: Replying to "Do we say anywhere i..." and: | apdx-3 | [OCI Image Spec - digests](https://github.com/opencontainers/image-spec/blob/v1.0.1/descriptor.md#digests) | Description of digests, defined by the OCI Image Spec | 00:16:18 Brian Goff (@cpuguy83): If it compiles the first time then worry. 00:20:26 Sajay Antony: Good day folks ## January 22, 2026 **Recording**: https://youtu.be/36OCFqQQj_o ### Attendees: - Brandon Mitchell - Mike Brown - Tianon - Jeff Carter - Syed Ahmed - Brian Goff - Ramkumar Chinchani - Sajay Antony - Shaon Hossain ### Actionable Agenda Items: None. ### Presentation/Discussion Agenda Items: - Docker-Content-Digest header: - <https://github.com/opencontainers/distribution-spec/pull/595> - Context: <https://github.com/opencontainers/distribution-spec/pull/543#discussion_r2693119425> - Accept/Content-Type negotiation: - <https://github.com/opencontainers/distribution-spec/issues/596> - TOB election status: <https://github.com/opencontainers/tob/issues/148> - Licensing headers are inconsistent: <https://github.com/opencontainers/distribution-spec/pull/589#issuecomment-3774778393> ### Notes: Notes from the zoom chat: 00:06:44 Ramkumar Chinchani: MUST - pay attention, ignore everything else 00:26:52 Ramkumar Chinchani: Any trademark issues with Docker-* strings? past, present and future? or was that part of the donation/open-sourcing? 00:32:48 Brian Goff (@cpuguy83): Oh wow, I never realized that. 00:33:13 Tianon: Replying to "Oh wow, I never real..." only ever bumped into it on accident, never on purpose lol (but it was a "compatibility" feature) 00:33:36 Brian Goff (@cpuguy83): Replying to "Oh wow, I never real..." I remember the v1 manifest thing being the default return and you had to ask for v2... is that this? 00:34:07 Brian Goff (@cpuguy83): Replying to "Oh wow, I never real..." Ah yeah, that's this. 00:34:18 Tianon: Replying to "Oh wow, I never real..." part of this - the other half was unwrapping an index if your Accept header wasn't big enough 00:34:19 Brian Goff (@cpuguy83): Replying to "Oh wow, I never real..." When I hit that I was like wtf is going on. 00:41:55 Tianon: https://github.com/tianon/oci-schema1 00:45:57 Sajay Antony: Folks need to drop for another call. 00:48:58 Jeff Carter: I’ll ask Claude to summarize it for me 00:54:32 Shaon Hossain: We want some snow! Ski resorts are suffering from lack of snow this year 00:54:39 Shaon Hossain: (In Seattle) 00:54:53 Tianon: Canada? "Northern USA" 😂 00:55:06 Brian Goff (@cpuguy83): I've never seen even 1ft, I don't think. 00:55:14 Tianon: Replying to "Canada? "Northern US..." "that's bait!" ## January 15, 2026 **Recording**: https://youtu.be/HOmrzEpH-jk ### Attendees: - Tianon - Brandon Mitchell - Shaon Hossain - Syed Ahmed - Brian Goff - Samuel Karp - Ramkumar Chinchani - James Kolb - Jeff Carter - Mike Brown ### Actionable Agenda Items: - Ready for review: - distribution-spec blob put with an invalid range: <https://github.com/opencontainers/distribution-spec/pull/593> - distribution-spec blob upload cancel endpoint: <https://github.com/opencontainers/distribution-spec/pull/594> ### Presentation/Discussion Agenda Items: - TOB election status, need LF - Are licensing headers needed: <https://github.com/opencontainers/distribution-spec/pull/589>, need LF - There is no way to add referrers to tagged content in a backwards compatible way that also supports alternative digests - <https://github.com/opencontainers/distribution-spec/pull/543#discussion_r2693119425> - The distribution project no longer depends on the Accept header, returning the manifest even if no Accept header is provided. - The content negotiation doc is being ignored: <https://github.com/opencontainers/distribution-spec/blob/v1.1.1/content-negotiation.md> - OCI could require RFC 9530: <https://datatracker.ietf.org/doc/rfc9530/> - Reviewed the removal of the OCI headers in <https://github.com/opencontainers/distribution-spec/issues/207> and <https://github.com/opencontainers/distribution-spec/pull/208> - Syed planning to open a PR for better supporting a digest header ### Notes: Notes from the zoom chat: 00:06:22 Ramkumar Chinchani: GH enabled the "Agents" tab 00:14:14 Ramkumar Chinchani: https://github.com/opencontainers/distribution-spec/issues/409 00:17:46 Ramkumar Chinchani: security = image protected by signatures? 00:23:03 Jeff Carter: https://github.com/opencontainers/distribution-spec/pull/208 00:49:36 Brian Goff (@cpuguy83): Let me sneek in some blake3 digests just to mess things up. 00:49:50 Mike Brown: 🙂 00:50:40 Mike Brown: panic will arrive soon.. see quantum hardware release schedules 00:51:18 Brian Goff (@cpuguy83): https://datatracker.ietf.org/doc/rfc9530/ 00:52:12 Tianon: Replying to "https://datatracker...." that's adorable 00:52:42 Tianon: Replying to "https://datatracker...." ``` Content-Digest: \ sha-256=:d435Qo+nKZ+gLcUHn7GQtQ72hiBVAgqoLsZnZPiTGPk=:,\ sha-512=:YMAam51Jz/jOATT6/zvHrLVgOYTGFy1d6GJiOHTohq4yP+pgk4vf2aCs\ yRZOtw8MjkM7iw7yZ/WkppmM44T3qg==: ``` 00:52:45 Tianon: Replying to "https://datatracker...." I love it 00:53:39 Ramkumar Chinchani: Replying to "panic will arrive so..." asymmetric crypto most affected. hashes and symmetric crypto mostly fine. 00:54:29 Mike Brown: Replying to "https://datatracker...." this 00:55:59 Ramkumar Chinchani: FIPS-140 excludes blake3 00:57:53 James Kolb: https://pulp.plan.io/issues/4646 ## January 8, 2026 **Recording**: https://youtu.be/r13LWCA6FKA ### Attendees: - Tianon - Alexander Kanevskiy - Brandon Mitchell - Derek McGowan - Shaon Hossain - Samuel Karp - Jeff Carter - Brian Goff - Sajay Antony - Brady Pratt - Syed Ahmed ### Actionable Agenda Items: - PR still needed for blob PUT with an invalid range: <https://github.com/opencontainers/distribution-spec/issues/590> (assigned to Brandon) - Review for PR 1296 <https://github.com/opencontainers/runtime-spec/pull/1296> (all suggestions and requested changes addressed) ### Presentation/Discussion Agenda Items: - `.wh.` file handling: <https://github.com/opencontainers/image-spec/issues/1301> - Are licensing headers needed: <https://github.com/opencontainers/distribution-spec/pull/589> - Pushing multiple tags: <https://github.com/opencontainers/distribution-spec/issues/591> - TOB election status ### Notes: Notes from the zoom chat: 00:01:30 Tianon: just had a power blip which hopefully wasn't a harbinger of outages to come lol 00:12:09 Brandon Mitchell: Sam needs a new mic. 00:12:18 Samuel Karp: do I sound like a robot? 00:12:23 Brandon Mitchell: Yup 00:12:45 Samuel Karp: maybe a zoom thing? this is using my normal mic... 00:14:34 Brian Goff (@cpuguy83): Its all static, have you tried replugging? 00:17:24 Brian Goff (@cpuguy83): *on purpose* 00:19:44 Samuel Karp: it's usb, so I won't try until I drop this call because I don't want the device to disappear while I'm here 00:20:33 Derek McGowan: I think containerd will hit this case https://github.com/containerd/containerd/blob/main/pkg/archive/tar.go#L813 00:28:25 Tianon: "copyright of theseus" is a cursed thought I've had related to this discussion and I'm thrilled to see it's nowhere near original: https://opensource.stackexchange.com/a/4347/40765 00:34:32 Samuel Karp: https://opensource.google/documentation/reference/releasing/authors?hl=en 00:44:17 Sajay Antony: Did you have some rough number of max tags you want to support per put? Don't want different implementors to have different limits. 00:47:49 Brian Goff (@cpuguy83): "If you want a guarentee use digests" -- I keep telling people that, but they won't do it. 00:47:50 Tianon: Replying to "Did you have some ro..." maybe URL path less than 2000 characters? 😂 (https://stackoverflow.com/a/417184/433558 is cute and I think we've discussed this problem in OCI before but maybe I'm mis-remembering) 00:48:23 Tianon: Replying to ""If you want a guare..." "if you want immutable images, that's literally what pull-by-digest is designed for" is a set of words I retype on a regular basis 00:49:40 Brian Goff (@cpuguy83): Oh, Tianon will try it, I'm sure. 00:50:10 Tianon: 10 lmao 00:50:23 Tianon: Replying to "10 lmao" low enough that it's almost not worth doing the feature ## January 1, 2026 Canceled for New Years Day. ## Archived Meeting Notes <https://github.com/opencontainers/.github/blob/main/meeting-notes/> ## Template ## Meeting Date ### Attendees: - _add yourself_ ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - _add your items_ ### Notes: - _add your notes_