On Mon, Aug 26, 2019 at 06:46:29PM -0700, John Harris wrote:
> On Monday, August 26, 2019 5:50:53 AM MST Christian Glombek wrote:
> >
> > Wow, a model like _distroless_ is exactly what I think we need in and from
> > Fedora to enable making those minimal, purpose-built and service-specific
> > containers.
> >
> > I was thinking of a concept that has rpm-ostree compose a set of packages
> > to a root dir, and put that in a container with Buildah.
> > Not sure how feasible it would be to add that functionality (as opposed to
> > simply using dnf for this), but I'm thinking it would be super neat to have
> > a coreos-assembler that also does container composes from an ostree
> > manifest, in the same way it assembles OS images in different formats for
> > different platforms.
> >
> > I'd also like to link to Adam's super informational page here:
> > https://asamalik.fedorapeople.org/container-randomness/report-f31.html
> > It would be great if we could include info about the package sets of our
> > ostree-based composes in there as well (FCOS, Silverblue and IoT). Also
> > note that our container scratch build size has gone up dramatically in F31
> > (I don't know why, yet).
> >
> > cc'ing Ben Breard and Sanja Bonic for their general interest in the
> > Minimization effort.
>
> That sort of container is exactly the kind of thing that *cannot be
> maintained*. I say this as a sysadmin in a fairly large environment, that
> container simply *would not get updated*. It'd sit until it either quit
> working or somebody noticed it and removed it because it was a security risk,
> full of vulnerabilities.

John, if you do not want to use the containers, then don't do it.
There are people who like containers and are serious about them.
Being serious means that one has an automated pipeline that builds,
tests and deploys an updated container, without engaging sysadmins.

Your remarks do not move the discussion forward. The point is how to
get the smallest viable container.
Your comments ignore decades of experience of containerising workloads.

--
Tomasz Torcz