Aleksa Sarai
Aleksa Sarai
Note that the `cli` library we are using (on paper) supports auto-generating shell completion files so we should investigate that before we go on and write our own (if it's...
Right now, umoci only supports plain-Jane filesystem extraction. This does make umoci much simpler and more versatile (it should work on any POSIX-compliant filesystem). However, that does have some efficiency...
I [was working on something like this for Docker](https://www.cyphar.com/blog/post/hackweek-13-docker-rebase) but the implementation of `DiffIDs` at the time was incredibly confusing (and I was working with the dockerv1 image specification that...
I'm currently working with upstream kernels to allow for safe, race-free protection against escapes with `O_THISROOT`. It's a fairly powerful mechanism which should entirely remove the need for `securejoin.SecureJoin`. However...
I wasn't aware this pattern actually had a compiler blessing, but it turns out that `internal` packages have [unique visibility behaviour](https://golang.org/s/go14internal) which can be used to have internal packages which...
Right now we outright reject blobs that aren't using sha256 as their blob algorithm. This is definitely not ideal, but was done as a stop-gap to avoid running into issues...
It appears that the whiteout rejection code (which is implemented through `CloseWithError`) can fail spurriously. I've noticed this failure in the past but it appears that it's happening much more...
Currently we basically ignore the semantics of different xattrs. This needs to change because of the "new" v3 `security.capability` changes. There are a few things we need to handle now...
I have some proposal ideas for the OCIv2 image specification (it would actually be OCIv1.1 but that is a less-cool name for the idea) and they primarily involve swapping out...
Currently all of the tooling only really supports tags that reference manifests (not manifest lists). The main reason for this is that I'm not really sure how to implement manifest...