Proposal: Working Group for Reference Types #96
Comments
|
Is this group meant to supersede, replace or take over any of the existing proposals? opencontainers/artifacts#37 |
|
In accordance with last weeks working group discussion, this is a working group proposal to define the goals, objectives and, validations which should outline which of these we might pursue, or how we might pursue them in sequence to meet short-term and long term goals. |
|
Maybe this is something that needs to be cleared up in the working group proposal itself as it turns into an actual proposed charter change, but my understanding from reading it is that it's intended for the development and proposal of entirely new specifications (like the distribution example). I think there's still some fundamental disagreement on whether or not reference types actually needs a new specification, or whether they can be accomplished via changes to the existing specifications. Proposing a WG here feels premature, especially before the WG model itself has been sorted out. |
|
Please see the scope section as we called out the specific concern:
|
|
Right, the question is whether a WG is needed for minor additions to an existing spec. |
|
Agreed that it is something that needs to be clarified. I think with this working group, there needs to be a new specification or major revision which introduces such a manifest. For minor releases in a spec, there does not need to be working group. We still need to figure out in the distribution spec how new endpoints would be handled in minor releases. The sponsors in this case should include the registry clients which will support this new feature. It is not intended to just be the companies which have engineers working on it, but the projects which will implement it. What I am hoping the working group proposal method can do is unblock the decision process of what is being delivered since establishing the working group will be voted on. With that in mind, the scope should be explicit about what the expected result should be. For example, is this intending to deliver an artifacts-spec 1.0 or an image spec 2.0. If it has dependency on delivering a distribution-spec 1.1 (or 1.next) with a new endpoint, that should be called out. The distribution spec changes would not be released by this working group though, it could be part of the implementation process though. |
Well said! To be extra clear - if minor, backwards compatible changes can be made to image-spec 1.0, I would expect that to still go through the standard image-spec proposal process defined and approved by the image-spec maintainers. The image-spec group and maintainers could always decide or ask for a working group to help out with the implementation if they think it would help. If we're not sure whether or not a major revision is needed, IMO the best thing to do would be to figure that out definitively then propose the next course of action, or even to try both paths simultaneously. |
|
My guess as to process, from the charter:
So this would need to be voted on by the TOB. I think @dmcgowan's questions around exact scope and deliverables of this working group still need to be addressed in the proposal:
|
|
big agree with Derek. To be clear, I want to see some form of reference types and the relevant APIs in distribution-spec. It seems to me this could be minimal, and therefore a point release (not a major version bump). The extent to which there are new manifests needing to be defined, and possibly untangled from what is currently in image-spec, is related but slightly separate thread. |
|
Could we get some clarity from the owners of this proposal with respect to meaning of "reference types" reference and type are two very overloaded terms.. I think I see it being used in the context of referable objects (blobs) stored in a registry that have a known media type specified by oci or other such governing body. And in that context this means new base types in the same way that If that is the context I'd like to see that clarified and perhaps also include in the scope providing suggestions for revisions to the image spec that identify base reference types, compatible with the existing image spec, for supporting the image spec reference types and new artifact reference type(s) ... Per discussions with @stevvooe one concern is that we do proper diligence in keeping our content-addressable storage (CAS) model intact (not immutable, no.. just be careful to ensure the extensions are compatible as we move forward). |
|
figuring out the scope/specifying this workgroup with such clarity would help to guide the changes/extensions being proposed... For example: one new field in a proposed artifiact manifest .. is artifactType and that is basically a "this".type string/media type where the manifest would now say what type it is.. Today we don't have a this reference in the object instead we normally specify the type of the blob(object) when/where we reference the object. Should this field be optional? is the name of the field obvious? is that a field we need on all base reference types? or is it only something we need on new artifact types. Not trying to get the answer to that question here.. Just proposing that such questions may prove important with respect to having a common CAS model and distribution api where the clients and registries know what to do with such fields.. |
|
Thanks, @mikebrow. This goes back to the definitions and terms conversation. Are we talking about the same thing. For the purposes of the Working Group Proposal, we are discussing the ability to store reverse linkages between a new artifact being pushed to a registry, and existing content in a registry. That is the scope of the groups effort. |
|
thx for the clarification! |
|
Any updates here? Are you still planning to finish this up and submit it for approval? |
|
👍
Had a few chats recently, with jonjohnsonjr and stevelasker. I'm looking
forward to the API pieces, and how this working group will tease out the
definitions that ended up in image-spec in the times before
distribution-spec was a reality.
|
|
Can we get some kind of update here? This has been open since April and is effectively "holding a lock" on progress within the OCI. Can it either be completed and submitted for a vote, or closed so someone else can finish it? |
|
update: It was suggested, discussed, and agreed at the OSS Summit Conference yesterday afternoon (near the end of the meeting on September, 30) that this working group would be brought to the tob for vote. |
|
Thanks @mikebrow! I'm looking for any sense of timeline for when this will be completed and brought for a vote. Days? Weeks? Months? |
|
Are there any updates here? |
|
Pinging @lachie83 who I think may have the next step(s) here based on a discussion we had last week? Apologies Lachie if I misunderstood. |
|
Hi all. We've updated the proposal based on feedback and would like to ask the TOB to review. In addition, I would like to ask if @jonjohnsonjr would like to join the proposal as a registry operator to be both an owner and sponsor of this working group representing Google? |
|
This looks great to me! |
|
@lachie83 @jonjohnsonjr is willing, but is currently taking time off and probably won't be able to respond personally until early november |
|
the revised op-post looks good (i wish there were a way to get a permalink to the revision I just read 🤔 ). One nit [however much it is in-the-weeds] is that as I'm reading through the existing distribution-spec, and with the anticipation for this kind of referrer API, I worry that the word "reference" will not be too overloaded, as it is already used in the distribution-spec. Lastly, as @estesp has mentioned, I think this is ready for a [time-boxed] vote. |
|
Friendly ping.
Has the time box opened? Is there a time box on opening the time box? 🤔 |
|
Thanks @imjasonh; I was hoping for a verification that @jonjohnsonjr was going to be added formally to the proposal text based on the comment that he was willing but was still taking some time off. I'd like the TOB to vote on the specific list of collaborators/owners which is why I was ok with a delay until that was verified/updated. If we can do that now, as soon as that's complete, let's set a 7-day window for any final commentary/questions and a vote on the day that comment period closes. Any other opinions here from @opencontainers/tob? |
|
I would like to see the voting started. Are we planning on making the working group proposals as files within the |
Formal thumbs up 👍 Apologies @lachie83, I've had a lot to catch up on 😅
Was this feedback from @dmcgowan addressed? I'm happy to be an owner on this, but would like to see sponsorship from more projects that would be affected (both registries and clients). IMO, some representation from at least Quay and Harbor would be excellent. |
|
18 Nov OCI call discussion: Let's update owners with Jon's name. Copy the proposal text into a markdown file; commit that as a new file in the proposals/ directory of this repo and open a PR. That PR will have the TOB vote, target end date of 1 December (due to US holidays next week). |
|
Just a point of clarity, |
|
Isn't this issue resolved, as this WG is in full swing? |
Full swing is right! opencontainers/distribution-spec#335 🍾 (but yeah, I think we can close this) |
|
Closing as the group has started, and working towards a completed recommendation. |
Working Group Proposal: Reference Types
Proposal created from OCI WG template.
Reference Types OCI Working Group - Governance Charter
This document describes the basic governance principles for the Reference Types Working Group (the “WG”).
The WG operates as an OCI Working Group under the Open Container Initiative (OCI) Charter, which describes the responsibilities of the OCI Technical Oversight Board (the "TOB”). The WG is established by the TOB as an OCI Working Group pursuant to the OCI Charter. Accordingly, the WG will operate in accordance with the OCI Charter and OCI's other policies and procedures, supplemented by the details below.
Purpose
As cloud native development continues to grow, there is increased interest in evolving registries to natively store, discover, and pull a graph of content associated with specific container images in a registry. Use cases for said associated artifacts include but are not limited to Software Bill of Materials (SBoM), security scan results, and signing. Having a native way to store and discover artifacts associated with other artifacts enables end-users to answer the question of: “What SBOMs or signatures are associated with this container image?”
Scope
Out of Scope
Intended work product
Proposed Owners
Sponsors
Related issues/PRs
Governance
The text was updated successfully, but these errors were encountered: