Hi Scott, So I'm a bit late to this and have read the thread, also asked a few people.
> Last November, Red Hat announced Project Hummingbird [1], a catalog of > minimal, hardened container images designed to accelerate application > development with a minimal CVE strategy. The images include the latest > languages and runtimes (Node, Go, .NET, Java, Python, Rust, Ruby), > developer databases (PostgreSQL, MariaDB), web servers and proxies > (Nginx, Caddy, HAProxy), and other foundational components for modern > application stacks [3]. I mean that sounds interesting... > What's interesting for Fedora: Project Hummingbird is built using the > open source development process, originating from Fedora Linux > components (some Rawhide, some Stable). The press release notes that > unsupported images are freely available and redistributable, following > a similar model to Red Hat Universal Base Image (UBI) [5]. The work is > already happening in the open [2] with images available [3]. I mean Fedora is built using "the open source development process" too. The press release on the other hand is mostly marketing hype for enterprise types... it's like "Florals for Spring... groundbreaking!" > We'd like to explore bringing this work more formally into the Fedora > community and creating a space where this innovation can continue in > the open. This would follow similar patterns we've seen with other > successful incubation efforts in Fedora like ELN [4]. Most of the 'incubation' efforts like ELN benefit RH and not the community, eg ELN is building rawhide with RHEL constraints for the next RHEL, I've mostly found that ELN makes more work for me and does provide benefit. I'd be interested to know how Hummingbird solves problems for the community rather than RH piling more work and expectations on the community. > Before we go down the formal Change Proposal path, I wanted to gauge > community interest and see if there's appetite for this kind of > project. I would like to see a lot more architectural details on the website. On the main page it mentions "minimal, hardened, and secure container images" ... I mean ground breaking (last decade!) but when I dig into details I get very little. I go to the background [1] section and it mentions rpms, container repos and such but what I'm really interested in is you mention in threads it uses rpms, and Fedora and rawhide and upstream. It doesn't go into that detail. When I dig into user and developer flow it mostly just covers pretty standard container workflows.... again ground breaking! What I would really like to see is not the marketing fluff and basic documentation but an architectural overview on the website that shows that this isn't just jamming a bunch of rpms into a container, probably doing some form of donkey patching for upstream CVEs and shoving it out into a container repo. I would have expected there to be some details of the actual architecture on the web site. Then knowing the above why I would want to see this in Fedora, what value does it provide to me and the community and others outside of RH, and that it's not just some more outsourcing of RHEL development to Fedora to dump stuff in the ecosystem without any real value to them to make Hummingbird easier for RH to use for their paying customers. Peter [1] https://hummingbird-project.io/docs/background/ -- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
