DockerHub aim to host all Docker images and be Github equivalent for binaries. The immediate side effect is anyone can push a docker image and give it a name within his namespace. For sample, I have my own ndeloof/jenkins and ndeloof/java images on DockerHub.
Most users get confused with this and expect some way to filter them and only use some mature/stable images. Docker answer is the "official" certification for docker repositories, only letting mysql developers push the mysql image (without a user namespace prefix). Sounds good ... so far.
I just discovered the official java image : https://registry.hub.docker.com/_/java/
Who is owning Java™ ? Oracle would probably be the only one who would claim for this unique name as an official docker image provider, due to trademark ownership. Also, there's no description set for this official image - bad practice, a description should be a requirement to be an "official" image. Looking further at the Dockerfile for this image I notice this is actually an openJDK image, unrelated to Oracle, without any reason for this one to own the "java" name.
There's also an official jenkins image, created by my colleague Michael. Dockerfile is hosted on CloudBees github. For sure it's open to contributions, but not managed by jenkins-ci.org community, so I wonder how "official" this one is versus any other jenkins image and why it has been approved (according to this, based on face-to-face discussion).
Makes me thing Docker team is doing it wrong, letting arbitrary user claim for official ownership, without enough guarantees. As Maven central was growing, the process asked user to prove ownership on domain name, before they were able to publish under a specific groupId. I think Docker should adopt a comparable rule : you should not be able to publish an "official", namespace-less docker image for a product you don't own - easy for trademarks, not so simple for open-source projects.
Without stronger rules, I'm afraid Docker repository will become a mess of some-way-official-but-not-really Docker images, as well organize as my office :
Most users get confused with this and expect some way to filter them and only use some mature/stable images. Docker answer is the "official" certification for docker repositories, only letting mysql developers push the mysql image (without a user namespace prefix). Sounds good ... so far.
I just discovered the official java image : https://registry.hub.docker.com/_/java/
Who is owning Java™ ? Oracle would probably be the only one who would claim for this unique name as an official docker image provider, due to trademark ownership. Also, there's no description set for this official image - bad practice, a description should be a requirement to be an "official" image. Looking further at the Dockerfile for this image I notice this is actually an openJDK image, unrelated to Oracle, without any reason for this one to own the "java" name.
There's also an official jenkins image, created by my colleague Michael. Dockerfile is hosted on CloudBees github. For sure it's open to contributions, but not managed by jenkins-ci.org community, so I wonder how "official" this one is versus any other jenkins image and why it has been approved (according to this, based on face-to-face discussion).
Makes me thing Docker team is doing it wrong, letting arbitrary user claim for official ownership, without enough guarantees. As Maven central was growing, the process asked user to prove ownership on domain name, before they were able to publish under a specific groupId. I think Docker should adopt a comparable rule : you should not be able to publish an "official", namespace-less docker image for a product you don't own - easy for trademarks, not so simple for open-source projects.
Without stronger rules, I'm afraid Docker repository will become a mess of some-way-official-but-not-really Docker images, as well organize as my office :
4 commentaires:
Oracle's Weblogic dockerfiles (e.g. https://github.com/weblogic-community/weblogic-docker/blob/master/weblogic12c-zip/Dockerfile) uses docker/java as the base image (https://registry.hub.docker.com/u/dockerfile/java/) and it uses Oracle's java.
I also have my own Dockerfile to get Oracle java: https://github.com/ndeloof/java/blob/master/Dockerfile
anyway, nothing more official than dockerfile one (dockerfile is just a community project, unrelated to docker.io nor official in any way)
have you checked with your lawyer first? :)
And Debian (https://registry.hub.docker.com/_/debian/) is a semi official image. Do you know what that means ?
Enregistrer un commentaire