[CentOS-devel] ostree as a delivery model

Thu Apr 17 17:51:14 UTC 2014
Colin Walters <walters at verbum.org>

On Wed, Apr 16, 2014 at 10:39 PM, Mike Schmidt 
<mike.schmidt at intello.com> wrote:
> I read about that too, today. Is there any thought of a CentOS atomic 
> spin? Is this an open source effort by Red Hat?

Of course!

> Or maybe a spin more like CoreOS (https://coreos.com) which looks 
> like a different (simplified) take on the same general idea? Both 
> atomic and CoreOS are even more than minimal images since they are 
> built to do nothing else but run docker containers. I'm going to 
> give CoreOS a try to see how it's put together; there seem to be a 
> few good ideas there. 

It's clear the CoreOS team has some great ideas and has put a lot of 
thought into a new model for OS+app delivery.

But what I'd say on this is that I'd like Project Atomic to closely 
orbit the RPM ecosystem.  For example, realistically you need content 
that goes into base images that gets reliable security updates.  The 
OpenSSL scenario shows the danger of just pulling arbitrary application 
content.

The traditional package model has been able to deliver security 
updates, and we need to be careful not to throw that away - while still 
allowing people to have the option to run complete app images from the 
upstream app author directly and rely on them for security updates.

Furthermore of course on the host OS side, with rpm-ostree, you're 
taking *only* known RPM content into the host OS.  While it's true that 
like Docker, the OSTree delivery vehicle is content-agnostic, you might 
note from the very name of rpm-ostree that the tool will closely bind 
together the RPM world of individual packages and the OSTree world of 
trees.  I have some pretty exciting hybrid package/tree functionality 
on the roadmap, so stay tuned there =)