Containers / Culture / Development

This Week in Programming: Docker Distribution Gets a Home at the CNCF

6 Feb 2021 6:00am, by

Docker Distribution, the open source project that serves as the basis for the Docker Hub container registry and several others such as Harbor, has been donated to the Cloud Native Computing Foundation (CNCF) this week to seemingly unanimous applause by the community at large.

If you’ve been following along, there has been a bit of a to-do around Docker Hub in recent months, when the company said that it would begin rate-limiting image pulls, causing a number of companies to launch their own alternatives. While Docker doesn’t refer to this situation directly, it does note that there are now “many registries” based on the Docker Distribution code. The problem, they write, is that “many people had small forks and changes that they were not contributing to the upstream version, and the project needed a broader group of maintainers.” As such, they decided to move the project over to the CNCF, where it will now enjoy maintainers from Docker, GitHub, GitLab, Digital Ocean, Mirantis, the Open Container Initiative, and the Harbor project.

Of course, if you go looking for it, you can always find a dissenting opinion of one sort or another, and one commenter on Hacker News opines that they fear this is merely a move by Docker to preserve its “diminishing cash.” Docker Chief Technology Officer Justin Cormack quickly set the commenter straight, however, pointing out the large group of maintainers, writing that “having this as a project in the Docker GitHub org rather than as open governance just doesn’t make sense with so many users.” Ahmet Alp Balkan, a developer with Google, also backed the move on Twitter, writing that seeing the project move to the CNCF “Makes me personally happy because I have a decent amount of commits in this repo.”

Currently, the project will be a CNCF Sandbox project, but Docker writes that “as it is a mature project we will be proposing that it moves to incubation shortly.”

This Week in Programming

  • NPM 7 CLI Has Arrived: Touting “a significant impact on the performance,” npm 7 is now generally available, bringing new features and breaking changes to the Javascript package manager’s latest version. According to the announcement, npm CLI 7 shipped 45 releases since August, reducing dependencies by about 54%, increasing code coverage by around 17% and significantly improving performance, as shown by various benchmarks across numerous examples. While npm 7 was first released in October, it was opt-in, and has now been made default. As noted when it was first released, one of the biggest features to arrive with npm 7 was that of workspaces, which adds support for managing multiple packages from within a singular top-level, root package. In this latest announcement, two additional changes have been highlighted. First, there has been a new lockfile format that “unlocks the ability to do deterministic and reproducible builds to produce a package tree.” Second, npm 7 will now “block installations if an upstream dependency conflict is present that cannot be automatically resolved,” giving users the ability to force it to bypass the conflict or ignore peer dependencies entirely, instead of moving forward without a warning by default, as was the case with npm versions 4-6.

  • GitHub Reduces Marketplace Fees, Expands Video Comment Support: The latest this week in “what’s up with GitHub” comes in the form of reduced Marketplace transaction fees for apps sold in its marketplace, with app owners increasing their take from 75% to 95%, as GitHub reduces its transaction fee to just 5%. At the same time, the company said it would be simplifying its app verification process for inclusion in its Marketplace. Rather than a “deep review of app security and functionality,” GitHub will now verify “common-sense security precautions” before including an app. Beyond Marketplace updates, GitHub also said it was expanding support for video uploads, a feature the company had added in public beta back in December, when it began to allow users to upload .mp4 and .mov files to issues, pull requests, and discussion comments. Now, users can upload videos to gist comments and team posts, with a size limit of 100MB.
  • Microsoft Offers Quantum Computing Public Preview: What, you don’t have a quantum computer sitting in your office? Well, now you do, as Microsoft has begun to offer “the world’s first full-stack, public cloud ecosystem for quantum solutions” with the public preview of Azure Quantum. Not only will the preview give you access to a quantum computer, but also tools such as the open source Quantum Development Kit (QDK), Microsoft’s new Quantum Intermediate Representation (QIR), a common open source interface between languages and target quantum computation platforms, and a resource library full of Katas and samples. For more details, Microsoft is also offering an Azure Quantum Developer Workshop on Feb. 2 at 8 a.m. PST, which will include demos and a live Q&A at the end of the workshop.

  • Red Hat’s “Guide” for Using CentOS Code: Red Hat recently announced some changes around CentOS, deprecating CentOS in favor of its streaming edition, and now the company is offering up a  guide for using CentOS Project code in the form of a list of “do’s and don’ts”. The company says that “many people have approached us asking about how we will publish the CentOS sources” and that, “in short, we are not making any changes to this process.” Now, if that’s not enough for you, feel free to click through and read Red Hat’s “guidance,” which mostly comes in the fashion of advising you to “follow the Red Hat trademark guidelines,” comply with the licensing, and perhaps even “prominently include” a disclaimer regarding Red Hat’s ownership of the trademarks.
  • FOSDEM Redefined: As you open source folks are well aware, this weekend is FOSDEM 21, the (now online) conference focused on free and open source software, and all its related topics. At least one developer out there is not a fan of the conference, and has offered an alternate take on the schedule, titled “FOSDEM: more boring shit,” that’s well worth the read if you’re up for some snark. As for who they are, well, I’m not entirely sure because I didn’t dig that deep and their “about” page provides no insight, but a look at the source does give a bit more clarity into their opinion of FOSDEM. “Free and Open Source Software Developers’ European Meeting (FOSDEM) is a non-commercial, volunteer-organized European mistake centered on free and open-source attention whoring,” they write. “It is aimed at TEDx wannabes and anyone interested in the free and open-source noisemaking movement. It aims to enable social media engagement specialists to meet and to promote the awareness and use of themselves.” Well, alrighty then.

The Cloud Native Computing Foundation and Red Hat are sponsors of The New Stack.

Feature image par Robert Allmann de Pixabay.

The New Stack is a wholly owned subsidiary of Insight Partners. TNS owner Insight Partners is an investor in the following companies: MADE, Mirantis, Docker, Bit.

A newsletter digest of the week’s most important stories & analyses.