Justin Cormack justincormack @docker Cambridge, UK CTO at @docker

distribution/distribution 7852

The toolkit to pack, ship, store, and deliver container content

cncf/tag-security 1794

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

docker/roadmap 1334

Welcome to the Public Roadmap for All Things Docker! We welcome your ideas.

genuinetools/riddler 250

A tool to convert docker inspect to the opencontainers runc spec.

joffemd/pscf 20

Public Sector Credit Framework

chris-crone/kubecon-eu-20 11

Demo code for KubeCon EU 2020 talk

justincormack/addmount 11

Mounts as file descriptors are useful

justincormack/alpine-pbulk 2

Alpine pkgsrc configured for pbulk builds

issue openedmoby/buildkit

build args in FROM do not work with content trust

Using the new ability to have build args work with the FROM line, discovered that this breaks builds with content trust, as something tries to parse the FROM line and fails:

whale:arg justin$ cat Dockerfile 
ARG BASE=alpine:3.6
RUN cat /etc/alpine-release
RUN uname -a

whale:arg justin$ docker build --no-cache --build-arg BASE=alpine:3.5 .
Sending build context to Docker daemon  2.048kB
Step 1/4 : ARG BASE=alpine:3.6
Step 2/4 : FROM $BASE
 ---> 074d602a59d7
Step 3/4 : RUN cat /etc/alpine-release
 ---> Running in cd34a02789c8
 ---> 919100690231
Removing intermediate container cd34a02789c8
Step 4/4 : RUN uname -a
 ---> Running in 32e20ce11a09
Linux 3009dd4da609 4.9.36-moby moby/moby#1 SMP Wed Jul 12 17:33:58 UTC 2017 x86_64 Linux
 ---> cd5da4524cea
Removing intermediate container 32e20ce11a09
Successfully built cd5da4524cea

whale:arg justin$ DOCKER_CONTENT_TRUST=1 docker build --no-cache --build-arg BASE=alpine:3.5 .
Sending build context to Docker daemon 

error during connect: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.30/build?buildargs=%7B%22BASE%22%3A%22alpine%3A3.5%22%7D&cachefrom=%5B%5D&cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=Dockerfile&labels=%7B%7D&memory=0&memswap=0&networkmode=default&nocache=1&rm=1&shmsize=0&target=&ulimits=null: invalid reference format: repository name must be lowercase
 Version:      17.06.0-ce
 API version:  1.30
 Go version:   go1.8.3
 Git commit:   02c1d87
 Built:        Fri Jun 23 21:31:53 2017
 OS/Arch:      darwin/amd64

 Version:      17.06.0-ce
 API version:  1.30 (minimum version 1.12)
 Go version:   go1.8.3
 Git commit:   02c1d87
 Built:        Fri Jun 23 21:51:55 2017
 OS/Arch:      linux/amd64
 Experimental: true
Containers: 108
 Running: 0
 Paused: 0
 Stopped: 108
Images: 637
Server Version: 17.06.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
 Volume: local
 Network: bridge host ipvlan macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfb82a876ecc11b5ca0977d1733adbe58599088a
runc version: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
init version: 949e6fa
Security Options:
  Profile: default
Kernel Version: 4.9.36-moby
Operating System: Alpine Linux v3.5
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 1.952GiB
Name: moby
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 18
 Goroutines: 30
 System Time: 2017-07-20T07:29:32.514762657Z
 EventsListeners: 1
No Proxy: *.local, 169.254/16
Experimental: true
Insecure Registries:
Live Restore Enabled: false

created time in 6 years

create barnchjustincormack/test2

branch : foo

created branch time in a month

create barnchjustincormack/test2

branch : bar

created branch time in a month


issue commentcncf/foundation

Investigate MPL -> BSL Changes/Impact

The repos that have changed licenses are below (note as Stefan says, there may be parts that are not relicensed in these repos)

hashicorp/terraform hashicorp/consul hashicorp/vault hashicorp/vagrant hashicorp/nomad hashicorp/packer hashicorp/waypoint hashicorp/boundary hashicorp/vault-csi-provider hashicorp/vault-secrets-operator

All the general Go libraries etc are unchanged.


comment created time in a month

issue commentdocker/roadmap

[Docker Labs Debug Tools] Issues/Bugs

bug - initial working directory is not the default working directory of the container - I expect it to be like exec in this case, as in some containers used to ending up eg where the app is installed.


comment created time in a month

issue commentdocker/roadmap

[Docker Labs Debug Tools] Issues/Bugs

bug / feature request - PATH does not have the original container path, just the path to the installed tools, I really need both available (unsure about optimal ordering, probably installed tools first though).


comment created time in a month

issue commentdocker/roadmap

[Docker Labs Debug Tools] Issues/Bugs

bug - stops the new Docker Desktop sleep feature working as there is a persistent running container in the extension.


comment created time in a month


Pull request review commentcncf/toc

Propose WasmEdge Runtime project for incubation

+# **Propose WasmEdge into Incubation**++## **About WasmEdge**++WasmEdge is a lightweight, high-performance, OCI-compatible, and extensible WebAssembly runtime for cloud-native, edge, and decentralized applications. It powers serverless apps, embedded functions, microservices, smart contracts, and IoT devices.++### **Sandbox project acceptance**++WasmEdge was accepted as a Sandbox project in April 2021. See the [_onboarding issue_]( **Progress since Sandbox**++Since joining CNCF, WasmEdge had great achievements, including developer community building and technical updates.++### **Community Metrics**++You can find WasmEdge’s devstats page and dashboards [_here_]( are some highlights of WasmEdge’s community growth in the sandbox. ++* WasmEdge now has [_178 contributors_]( including 16 maintainers / committers / reviewers from[_53 organizations_]( [_22 countries and regions_]( There are [_343.92 commits_]( per month, with [_44.32 PR_]( merged from the day when WasmEdge joined the CNCF Sandbox project.+* The community has grown since WasmEdge entered the CNCF Sandbox.+    * We have held monthly meetings since October 2021. The meeting note can be found [_here_](, and the recording meeting video can be found [_here_](    * Number of maintainers: 4 → 4+    * Number of maintainers / committers / reviewers: 4 → 16+    * Number of contributors: [_6_]( → [_178_](    * Number of stars: 819 → 6204+    * Number of forks: 43 → 558++### **Technical metrics**++The WasmEdge community has released ten new versions of the software since joining CNCF sandbox.++* [_version 0.8.0_](* [_version 0.8.1_](* [_version 0.8.2_](* [_version 0.9.0_](* [_version 0.10.0_](* [_version 0.11.0_](* [_version 0.11.1_](* [_version 0.11.2_](* [_version 0.12.0_](* [_version 0.12.1_]( each release, WasmEdge delivers important features that enable new cloud native use cases for WasmEdge users and partners.++The list below highlights some of the technical achievements the team has accomplished since joining the CNCF sandbox. ++* Dynamic language support. Besides compiled languages such as Rust and C/C++, WasmEdge has added support for JavaScript, Python and PHP programs. WasmEdge supports the full JavaScript language spec as well as common JavaScript module systems, including ES6, CommonJS (CJS), and NPM modules. Python and PHP support is achieved through our collaboration with VMWare’s WasmLab. +* Container and K8s tooling. WasmEdge has reached OCI-compliance. That allows it to be managed and orchestrated by standard container tools, such as Docker, crun, containerd, CRI-O, K8s, Kind, OpenYurt, KubeEdge, SuperEdge.+* Advanced networking with the WasmEdge sockets library. It supports non-blocking sockets, DNS, TLS. That allows WadmEdge to run modern HTTPS client and server applications. +* Support for the Rust Tokio library. It allows many Tokio-based async Rust applications, especially async networking apps, to run seamlessly on WasmEdge.+* Connectors and drivers for commonly used microservice components, such as MySQL, PostgreSQL, Redis, Kafka, and Dapr. +* Support AI inference applications written in both Rust and JavaScript using Tensorflow, OpenVino, PyTorch trained models.+* Host SDKs in Rust, Go, C, C++, Python, and Java languages.++WasmEdge is the only WebAssembly runtime in the market that could run complete microservices, with support for web servers, HTTPS clients, and database connections. Through partnerships with Docker, Red Hat, and Microsoft, WasmEdge could be seamlessly integrated into the existing cloud native ecosystem.++## **Incubation Stage Requirements**++***Document that it is being used successfully in production by at least three independent direct adopters which, in the TOC’s judgment, are of adequate quality and scope.***++The full list of companies and projects that have incorporated WasmEdge into their product offerings can be found [on our website]( is a selected list of end-user organizations and products that are using WasmEdge for business workloads.

Not all of these are "end user" in the CNCF definition (eg Docker, Huawei). You should list the non end user ones seperately.


comment created time in 2 months

issue commentnotaryproject/.github

Proposal for renaming notaryproject/notary repository to notaryproject/notary-tuf

I don't think this makes sense. This project has had this name for a long time, and in future other repositories here may use TUF. The aim of giving other projects new names was to avoid any confusion, so this seems unnecessary.


comment created time in 2 months

issue commentcncf/toc

[REPO CREATION] Create wg-artifacts in cncf-tags



comment created time in 2 months

pull request commentnotaryproject/notary

Update readme to align with TUF

I think some of the uses of lower case notary are a bit confusing - it doesnt really make it less confusing to be lower case. I am generally ok though.


comment created time in 2 months


issue commentcncf/toc

Request for Review: TAG App Delivery - WG Artifacts

We had a working session last week, I think we are ready to go shortly.


comment created time in 3 months