[CentOS-devel] RH patches v/s vanilla docker in CentOS

Mon Apr 20 19:43:26 UTC 2015
Jim Perrin <jperrin at centos.org>


On 04/20/2015 01:06 PM, Lokesh Mandvekar wrote:

> 
> I've pretty much decided that 'docker' in virt SIG would only track upstream
> sources (no RH patches in it). Don't want this to sound like "I don't care
> what anyone says", but docker upstream and many CentOS users want a build
> which will only track upstream docker sources. Having 'docker' in virt SIG to
> be this build sounds like the way to go.


Agree. It would be nice to hear what the Atomic SIG folks think about
this though as they're direct consumers.

> For anyone interested in RH patches, there's 'docker-master' in virt SIG
> (docker master branch + RH patches) and 'docker' in CentOS-Extras of course.
> Also, I could add anything else to make anyone else happy.
> 
>> What do the RH patches actually do?
> 
> 
> Some docker behavior does get modified, like adding and blocking registries,
> checking for confirmation before pushing to public registries. AFAIK, patches
> were added only with permission from upstream docker and we're working
> towards upstreaming those patches too.
> 
>>
>> I think either one could make sense depending on how much value the
>> patches provide / how much they cost to port to the latest release.



> These patches are desirable to enterprise users, but I've been hearing a lot
> directly/indirectly from CentOS users that they only want vanilla docker
> behavior. Porting/rebasing is taken care of by RH folks on a daily basis.

Is this mainly just do to the private auth bug reported by quay.io users
or is it more widespread than that?



-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77