Daniel Walsh wrote:
> I read this like containers are something new and interesting.

Nope, we are saying they are something new and uninteresting. ;-)

> Upstream docker project started this effort a few years ago and the world
> has latched onto it. Fedora needs to adjust and become great at
> containers.

Why? Just because "the world has latched onto it", for some definition of "the world", even if it does not bring us any benefit (because we already have distribution technologies that are far superior)?

> Some of the interesting work we have been doing with atomic host, and
> atomic workstation is great.

You and I clearly do not have the same definition of "great".

> We don't have to continue to do things the way we have for 20 years.

But we also don't have to stop doing things the way we have been doing with no issues for 20 years. Especially when the overhyped replacement is actually worse and does away with the most important feature of our existing software delivery mechanism (shared dependencies with automatic dependency resolution).

> I believe Fedora needs to be at the forefront of figuring out these
> container issues.

Then it should be at the forefront of figuring out how to build virtual containers from packaged content in /usr (as has been discussed elsewhere in this thread) rather than shipping container blobs duplicating the world.

> Flatpak's integration into the desktop gives us the potential of a great
> leap forwards in security. Imagine if Fedora finally fixes the biggest
> security issue of the desktop by running browsers in containers, in a
> truly secure manner with it fully integrated, not hacked up like it is
> in the SELinux Sandbox or by running docker images like Jess Frazelle was.

My browser (QupZilla) is already sandboxed, without SELinux, without Docker, and without Flatpak. (It uses the Chromium seccomp sandbox.)

> The stuff that flatpak is doing has been very good.

You and I clearly do not have the same definition of "very good".

> Colin Walters' work on ostree and rpm-ostree is looking into how we can
> do offline updates already and yet this discussion is ignoring it. This
> stuff is great and it is currently controlled by Fedora we should be
> taking advantage of it. I run the atomic workstation now and am running
> flatpak, as well as development environments in containers. I feel
> some pain, but we are learning how to deal with it.

If you are a masochist, that is your problem. You don't have to force this on all Fedora users. The ostree technology removes the possibility to make any changes to the base packages from the user, which makes it an extremely inflexible delivery method. I do not want to use ostree, not now, not ever.

> We need to learn to live with combinations of rpm packages, ostree
> distributions and containers running on Fedora.

We don't need to at all. RPM will continue working, if it does not get deliberately sabotaged by the proponents of containers.

Kevin Kofler