On Fri, Jun 24, 2022 at 12:12:07PM +0200, Richard Brown wrote:
On Fri, 2022-06-24 at 11:15 +0200, Eric Schirra wrote:
What always amazes me. They want to introduce things like ALP (that's the docker story, isn't it?),
Docker? Not likely, the current thinking of the Local Container Management WG is that Podman will be the default container runtime for local workloads - with containerd/whatever-is-wanted-by-kubernetes being the non-local, clustered container runtime of choice.
Will the containers be shipped/built with an SBoM (Software Bill Of Materials) from the outset? Lots of organisations are trying to retro-fit or retro-generate SBoMs to help with vulnerability management, compliance etc., it would seem good to bake SBoMs in from the start. A base image with a plethora of container images, from numerous sources is going to ramp-up the management workload to track/react-to potentially vulnerable packages. Daniel