Re: Some random musings on ostree vs OCI/Docker format

From: Alexander Larsson <alexl redhat com>
To: Colin Walters <walters verbum org>, ostree-list gnome org
Subject: Re: Some random musings on ostree vs OCI/Docker format
Date: Tue, 30 Aug 2016 15:07:35 +0200

On tis, 2016-08-09 at 08:36 -0400, Colin Walters wrote:

 
In some aspects, OSTree I think is better:
 - git remote style model
 - lossless unpack/reassemble ( tried and failed with Docker
tarsum[1])
 - meaningful commit checksums with gpg signatures
 - Ability to do download + unpacking as streaming operations

One thing to note though is that for base OS trees, the content *has*
to be trusted since it runs as root.  However, when looking at using
OSTree
for container images, unlike the base OS case, we can't assume that
the checksums
in the format are correct.   

So currently, Flatpak is doing is forcing ostree to re-checksum.  But 
if we're not
really trusting the format much, it seems the advantages of ostree as
transport format
(as opposed to the tarballs underlying OCI/Docker) diminish.


What exactly do you mean by this? Flatpak does checksum when you pull
from a remote, but how would you not have to do this for a base OS
tree?

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
       alexl redhat com            alexander larsson gmail com 
He's a shy voodoo inventor with a secret. She's a transdimensional 
nymphomaniac detective with the power to see death. They fight crime!

References:
- Some random musings on ostree vs OCI/Docker format
  - From: Colin Walters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]