[CentOS-devel] ostree as a delivery model
Colin Walters
walters at verbum.org
Thu Apr 17 17:51:14 UTC 2014
On Wed, Apr 16, 2014 at 10:39 PM, Mike Schmidt
<mike.schmidt at intello.com> wrote:
> I read about that too, today. Is there any thought of a CentOS atomic
> spin? Is this an open source effort by Red Hat?

Of course!

> Or maybe a spin more like CoreOS (https://coreos.com) which looks
> like a different (simplified) take on the same general idea? Both
> atomic and CoreOS are even more than minimal images since they are
> built to do nothing else but run docker containers. I'm going to
> give CoreOS a try to see how it's put together; there seem to be a
> few good ideas there.

It's clear the CoreOS team has some great ideas and has put a lot of
thought into a new model for OS+app delivery.

But what I'd say on this is that I'd like Project Atomic to closely
orbit the RPM ecosystem. For example, realistically you need content
that goes into base images that gets reliable security updates. The
OpenSSL scenario shows the danger of just pulling arbitrary application
content.

The traditional package model has been able to deliver security
updates, and we need to be careful not to throw that away - while still
allowing people to have the option to run complete app images from the
upstream app author directly and rely on them for security updates.

Furthermore of course on the host OS side, with rpm-ostree, you're
taking *only* known RPM content into the host OS. While it's true that
like Docker, the OSTree delivery vehicle is content-agnostic, you might
note from the very name of rpm-ostree that the tool will closely bind
together the RPM world of individual packages and the OSTree world of
trees. I have some pretty exciting hybrid package/tree functionality
on the roadmap, so stay tuned there =)