On 11/06/2017 11:29 AM, Giuseppe Scrivano wrote: > Dusty Mabe <du...@dustymabe.com> writes: > >>>> - create a projectatomic-devel organization and put them under there >>>> - put them under projectatomic/ but add devel or upstream in the name of >>>> each image. >>> >>> would a tag be enough? >> >> My personal opinion is no. Not many people inspect tags when using images. > > they will still need to specify the tag when pulling or installing the > image. It is something like: > > atomic pull --storage ostree docker.io/projectatomic/etcd:devel
ahh. I thought you meant a label (not a tag). Yes, a tag is *better*. > > instead of: > > atomic pull --storage ostree docker.io/projectatomic/etcd-devel > > >>> Most of the time, changes to the image are bug fixes. There is not >>> really much development happening in the system container itself, so I >>> don't see much disadvantage if these changes are propagated quickly. >> >> If there's not much changes going on then why can't we use the distro >> registry which has a process for rebuilding images periodically to account >> for CVEs? I know the Fedora registry is not perfect, but would like for us >> not to fragment and have so many different places to pull a system container >> from. > > do we prevent in some way that users using an image from > registry.fedoraproject.org/f26/* will not keep using it once the new > versions, that have a complete different name, are out? I'm pretty sure once f25 is EOL those container images will no longer be available since they won't be receiving updates. > > We want a centralized place where we can find all the updated binaries > based on what we have in the upstream repository without any human > intervention to sync them. > Some of the images are not based on Fedora, so we would need at least to > split them between the Fedora and the CentOS registries. > /me wishes we could build fedora and centos based layered images in the same way so it would be the same process for both IMHO.
