Add initial roadmap #230
Add initial roadmap #230
Conversation
| Containers have a lifecycle and being able to identify and document the lifecycle of a container is very helpful for implementations of the spec. | ||
| The lifecycle events of a container also help identify areas to implement hooks that are portable across various implementations and platforms. | ||
|
|
||
| **Owner: ** |
There was a problem hiding this comment.
Yes but lets have those people comment for themselves and not just sign them up. There are also other people wanting to work on this.
Also lets let everyone review the content before we start nit picking on smaller things.
There was a problem hiding this comment.
@crosbymichael We whiteboarded this yesterday and I will create a PR based on that.
There was a problem hiding this comment.
@duglin You might want to help out here.
There was a problem hiding this comment.
@mrunalp yup - been swamped since the f2f, starting to free up now...
|
On the high level, great big 👍 here. |
|
On Thu, Oct 22, 2015 at 12:02:36PM -0700, Michael Crosby wrote:
Also candidates for this list:
I'm happy to help with or take ownership of any of those. If we don't |
|
|
||
| **Owner: ** | ||
|
|
||
| ### Define Container Lifecycle |
There was a problem hiding this comment.
I can create a PR based on yesterdays discussions. (will be glad to have @crosbymichael to help out as well)
|
Good idea to have this to track the items 👍 |
|
We could probably have a section for |
| @@ -0,0 +1,103 @@ | |||
| # OCI Specs Roadmap | |||
|
|
|||
| This document serves to provide both a long term roadmap on our quest to a 1.0 version of the OCI container specification. | |||
There was a problem hiding this comment.
nit: both seems to imply two goals. I see only one mentioned in this sentence.
|
Great job 👍 , now we have more clearer view for what we are doing now. |
|
Is there any plan about network in container? |
| ### Digest and Hashing | ||
|
|
||
| A bundle is designed to be moved between hosts. | ||
| Although OCI doesn't define a transport method we should have a cryptographic digest of the on-disk bundle that can be used to verify that a bundle is not corrupted and in an expected configuration. |
There was a problem hiding this comment.
Since I think there may be a difference between the "on-disk" bundle and the "archive" that we create when we try to move a bundle I think it might be best to remove the "on-disk" part of this sentence. For example, an incoming bundle might have the notion of layers, but if the implementation of OCI flattens its down to just a single dir I don't think we want to hash the flatten dir, we want to hash the original bundle and do verification of that.
|
It might be good to add a |
|
On Tue, Oct 27, 2015 at 02:19:56AM -0700, Qiang Huang wrote:
I think the consensus is that Docker-style networking is out-of-scope |
|
On Tue, Oct 27, 2015 at 08:51:57AM -0700, Doug Davis wrote:
I think the suggestion is to keep design discussion on the list [1](landed in #86), but +1 to linking to wherever the discussion is |
|
|
||
| Decide on a robust versioning schema for the spec as it evolves. | ||
|
|
||
| **Owner: ** |
There was a problem hiding this comment.
I'm glad to help on the version schema.
crosbymichael
force-pushed
the
roadmap
branch
from
bb10ea3 to
a4bd6f8
Compare
|
Updated based on initial comments. I think any more assignments can be added as PRs after we merge for people who want to work on a topic. |
|
ping |
|
LGTM |
|
LGTM. We can iterate starting with this. |
| A bundle is designed to be moved between hosts. | ||
| Although OCI doesn't define a transport method we should have a cryptographic digest of the on-disk bundle that can be used to verify that a bundle is not corrupted and in an expected configuration. | ||
|
|
||
| **Owner: ** philips |
There was a problem hiding this comment.
a nit on the formating. (view it here), this looks like it's intended to be bold, but it formats like floating asterisks
|
This LGTM apart from the formatting nit. |
Signed-off-by: Michael Crosby <[email protected]>
crosbymichael
force-pushed
the
roadmap
branch
from
a4bd6f8 to
4859f6d
Compare
|
@vbatts fixed your formatting issue. I don't know how to markdown.... |
|
i'll merge this now |
|
Cool. Thanks. |
I think this is resolved since 7713efc (Add lifecycle for containers, 2015-10-22, opencontainers#231), which was committed on the same day as the ROADMAP entry (4859f6d, Add initial roadmap, 2015-10-22, opencontainers#230). Signed-off-by: W. Trevor King <[email protected]>
# digest/hashing target Most of this has spun off with [1], and I haven't heard of anyone talking about verifying the on-disk filesystem in a while. My personal take is on-disk verification doesn't add much over serialized verification unless you have a local attacker (or unreliable disk), and you'll need some careful threat modeling if you want to do anything productive about the local attacker case. For some more on-disk verification discussion, see the thread starting with [2]. # distributable-format target This spun off with [1]. # lifecycle target I think this is resolved since 7713efc (Add lifecycle for containers, 2015-10-22, opencontainers#231), which was committed on the same day as the ROADMAP entry (4859f6d, Add initial roadmap, 2015-10-22, opencontainers#230). # container-action target Addressed by 7117ede (Expand on the definition of our ops, 2015-10-13, opencontainers#225), although there has been additional discussion in a7a366b (Remove exec from required runtime functionalities, 2016-04-19, opencontainers#388) and 0430aaf (Split create and start, 2016-04-01, opencontainers#384). # validation and testing targets Validation is partly covered by cdcabde (schema: JSON Schema and validator for `config.json`, 2016-01-19, opencontainers#313) and subequent JSON Schema work. The remainder of these targets are handled by ocitools [3]. # printable/compiled-spec target The bulk of this was addressed by 4ee036f (*: printable documents, 2015-12-09, opencontainers#263). Any remaining polishing of that workflow seems like a GitHub-issue thing and not a ROADMAP thing. And publishing these to opencontainers.org certainly seems like it's outside the scope of this repository (although I think that such publishing is a good idea). [1]: https://github.com/opencontainers/image-spec [2]: https://groups.google.com/a/opencontainers.org/d/msg/dev/xo4SQ92aWJ8/NHpSQ19KCAAJ Subject: OCI Bundle Digests Summary Date: Wed, 14 Oct 2015 17:09:15 +0000 Message-ID: <CAD2oYtN-9yLLhG_STO3F1h58Bn5QovK+u3wOBa=t+7TQi-hP1Q@mail.gmail.com> [3]: https://github.com/opencontainers/ocitools Signed-off-by: W. Trevor King <[email protected]>
# digest/hashing target Most of this has spun off with [1], and I haven't heard of anyone talking about verifying the on-disk filesystem in a while. My personal take is on-disk verification doesn't add much over serialized verification unless you have a local attacker (or unreliable disk), and you'll need some careful threat modeling if you want to do anything productive about the local attacker case. For some more on-disk verification discussion, see the thread starting with [2]. # distributable-format target This spun off with [1]. # lifecycle target I think this is resolved since 7713efc (Add lifecycle for containers, 2015-10-22, opencontainers#231), which was committed on the same day as the ROADMAP entry (4859f6d, Add initial roadmap, 2015-10-22, opencontainers#230). # container-action target Addressed by 7117ede (Expand on the definition of our ops, 2015-10-13, opencontainers#225), although there has been additional discussion in a7a366b (Remove exec from required runtime functionalities, 2016-04-19, opencontainers#388) and 0430aaf (Split create and start, 2016-04-01, opencontainers#384). # validation and testing targets Validation is partly covered by cdcabde (schema: JSON Schema and validator for `config.json`, 2016-01-19, opencontainers#313) and subequent JSON Schema work. The remainder of these targets are handled by ocitools [3]. # printable/compiled-spec target The bulk of this was addressed by 4ee036f (*: printable documents, 2015-12-09, opencontainers#263). Any remaining polishing of that workflow seems like a GitHub-issue thing and not a ROADMAP thing. And publishing these to opencontainers.org certainly seems like it's outside the scope of this repository (although I think that such publishing is a good idea). [1]: https://github.com/opencontainers/image-spec [2]: https://groups.google.com/a/opencontainers.org/d/msg/dev/xo4SQ92aWJ8/NHpSQ19KCAAJ Subject: OCI Bundle Digests Summary Date: Wed, 14 Oct 2015 17:09:15 +0000 Message-ID: <CAD2oYtN-9yLLhG_STO3F1h58Bn5QovK+u3wOBa=t+7TQi-hP1Q@mail.gmail.com> [3]: https://github.com/opencontainers/ocitools Signed-off-by: W. Trevor King <[email protected]>
This adds the initial roadmap for the project. I compiled this list from various weekly meetings, issues, and discussions on irc.
This is not meant to be an absolute list of things that we will or will not do, just a way for our project to convey what we want to focus on and work towards. I tried to add "owners" based on people who expressed interest in the various topics.
Let me know what you all think. We can use this overall list and break out topics for various milestones.
Signed-off-by: Michael Crosby [email protected]