W. Trevor King

On Wed, Apr 06, 2016 at 05:15:43PM -0700, Brandon Philips wrote: > I believe that using this type of well-known scheme is a better > choice today and will stay...

On Thu, Apr 07, 2016 at 06:47:35AM -0700, Brandon Philips wrote: > @wking This isn't about blob delegation. This is about delegation of > naming for images. Which is explicitly...

On Fri, Apr 22, 2016 at 09:08:29AM -0700, Kamal Marhubi wrote: > Is there room for [TUF](http://theupdateframework.com/)'s delegation > notions to get incorporated here? Notary [1,2] is a wrapper around...

On Fri, Aug 04, 2017 at 05:37:26AM +0000, Akihiro Suda wrote: > * The OCI Image Layout is a slash separated layout… > +* Conformity to this layout specification is...

My preference would be to specify, either directly or by reference, the syscalls runtimes MUST support. That would give us a clear lower bar, but this level of precision has...

> Mmm, but here the runtime doesn't error out, it just silently skip those syscalls. You can complain to runc and ask them to error instead of silently ignoring unrecognized...

> The specification is basically "the input format for libseccomp" so if you want to specify the behaviour differently... I have no problem with leaning on libseccomp. I'd just rather...

> Initially, I thought that failing to whitelist a syscall should not be fatal, but failing to block a syscall should be fatal. I think runtimes should always fail create...

This would benefit from the clearer platform/protocol slug language in #570, so if #570 lands first I'll rebase this PR around it and tighten the “target platform” wording here.

> This would benefit from the clearer platform/protocol slug language in #570… #570 landed, and I've floated some work tying settings to platforms in #747. I recommend reviewing #747 first,...