Overview content-prior to operator and author content#5
Overview content-prior to operator and author content#5SteveLasker wants to merge 6 commits intoopencontainers:mainfrom
Conversation
Signed-off-by: Steven Lasker <stevenlasker@hotmail.com>
SteveLasker
force-pushed
the
readme-overview
branch
from
3d572af to
36cf15a
Compare
SteveLasker
force-pushed
the
readme-overview
branch
2 times, most recently
from
aa82c90 to
ff1d345
Compare
SteveLasker
force-pushed
the
readme-overview
branch
2 times, most recently
from
b7bc1a5 to
7ecb4d0
Compare
Signed-off-by: Steven Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steven Lasker <stevenlasker@hotmail.com>
SteveLasker
force-pushed
the
readme-overview
branch
from
7ecb4d0 to
d902765
Compare
Signed-off-by: Steven Lasker <stevenlasker@hotmail.com>
Signed-off-by: Steven Lasker <stevenlasker@hotmail.com>
mikebrow
left a comment
mikebrow
left a comment
There was a problem hiding this comment.
should avoid checking in logos of other products?
see artifact-layer.png
README.md
Outdated
| * [Overview of Registry Content Delivery](#overview-of-registry-content-delivery) | ||
| * [Defining OCI Artifact Types](#defining-oci-artifact-types) | ||
| * [Definitions & Terms](definitions-terms.md) | ||
| * [OCI Artifact Implementations](implementors.md) |
There was a problem hiding this comment.
see review comments on the implementor's PR
There was a problem hiding this comment.
On the logos, what do you suggest here? Can I reference logos, via a URL to their official logo? Do I have to resort to text :(
Can I ask the maintainers of Helm and Singularity to make a PR, this way it's their contribution?
Eventually, for the artifactTypes folder, I was planning on asking artifact authors to submit their logo for general consumption, so they are giving rights to others to use when displaying the type within their registry products & services.
There was a problem hiding this comment.
yeah just reference their logo ..
README.md
Outdated
| By providing an OCI artifact definition, the community can continue to innovate, focusing on new artifact types without having to build yet another storage solution ([YASS][def-yass]). | ||
|
|
||
| ## Table of Contents | ||
| ## OCI Artifact Table of Contents |
| * [Project governance](GOVERNANCE.md) | ||
| * [Release procedures](RELEASES.md) | ||
|
|
||
| ## Overview of Registry Content Delivery |
There was a problem hiding this comment.
I don't think we should define what a registry is in the Artifacts readme. Maybe in a "treatise" document that you could link to from here.
See https://opencontainers.github.io/org/ and the source for it over here: https://github.com/opencontainers/org/tree/master/docs/docs
| | [Manifest Schemas](#manifest-schemas) |<img src=./media/manifest-layer.png height=40> | | ||
| | [Artifacts](#artifacts) |<img src=./media/artifact-layer.png height=100> | | ||
|
|
||
| ### Registry |
|
|
||
| ### Manifest Schemas | ||
|
|
||
| For a registry to store collections of content, it must have well known schemas to uniquely describe each content addressable object. The [OCI Manifest][image-manifest] and [OCI Index][image-index] are two well known schemas that implementations of the [OCI Distribution Spec][distribution-spec] MUST support. |
There was a problem hiding this comment.
yes, but let's not use MUST language here. It's fine in the distribution spec but we should avoid using directive language that applies to a different spec.
s/MUST/must/
|
|
||
| [Registries][def-registry], vulnerability scanners and artifact tooling must understand the types of artifacts they support. Registry scanning tools may only support a subset of artifact types, or they may need to apply different scanning methods based on the artifact type. | ||
|
|
||
| If a security scanning solution were to scan all types, it would fail when it encounters unsupported types, representing false negatives. By differentiating types, a registry scanning solution can ignore unknown types, representing a known state. As new artifact types become [well known][def-well-known-types], scanners can expand the types they offer, providing a more complete known state. |
|
|
||
| If a security scanning solution were to scan all types, it would fail when it encounters unsupported types, representing false negatives. By differentiating types, a registry scanning solution can ignore unknown types, representing a known state. As new artifact types become [well known][def-well-known-types], scanners can expand the types they offer, providing a more complete known state. | ||
|
|
||
| Artifact tooling must also know the types they support. The docker and containerD client know how to instance container images. However, they are not intended to instance Helm Charts or Singularity images. By defining the artifact type, registries can present the type to their users, and tools pulling artifacts from a registry can determine if they can support the specific type before encountering a runtime error. |
|
|
||
| Artifact tooling must also know the types they support. The docker and containerD client know how to instance container images. However, they are not intended to instance Helm Charts or Singularity images. By defining the artifact type, registries can present the type to their users, and tools pulling artifacts from a registry can determine if they can support the specific type before encountering a runtime error. | ||
|
|
||
| Artifacts are defined by setting the `manifest.config.mediaType` to a globally unique value. The `config.mediaType` of `application/vnd.oci.image.config.v1+json` is reserved for artifacts intended to be instanced by docker and [containerD][containerd]. |
There was a problem hiding this comment.
yes but to much detail for the readme...we should cover this in the spec vs readme..
s/containerD/containerd/
| @@ -0,0 +1,90 @@ | |||
| # Definitions and Terms | |||
implementors.md
Outdated
| @@ -0,0 +1,10 @@ | |||
| # OCI Artifacts Implementations | |||
Signed-off-by: Steven Lasker <stevenlasker@hotmail.com>
SteveLasker
force-pushed
the
readme-overview
branch
from
201c413 to
c2e706c
Compare
push real contents test
|
@SteveLasker ping :-) |
|
Thanks @mikebrow |
|
This PR is outdated with various other PRs. |
2 participants
Signed-off-by: Steven Lasker stevenlasker@hotmail.com