Inter-WG coordination: Stable application runtimes

Matthew Miller mattdm at
Mon Jan 13 13:39:03 UTC 2014

On Sun, Jan 12, 2014 at 04:39:12PM -0800, Adam Williamson wrote:
> You're preaching to the choir. But if in practice people really don't
> deploy things via the distribution packages, it doesn't matter how
> awesomely secure the distribution packages are. Something that you're
> not using is never providing you with any additional security.

So for me, the question is: how can we make these things at least meet in
the middle? Can we bring some of the distro benefits to the application
deployment area? I think we can. Right now, I think Docker might be the most
interesting approach for that (possibly future Docker with greater future
OpenShift integration). This takes two things from Fedora (which are outside
of the traditional distribution but can still easily fit under our

First: People can build Docker application containers with Fedora packages.
But our packages (like all packages intended to be part of a whole system)
are kind of badly suited for this -- they have dependencies on systemd, they
expect a certain logging infrastructure, etc. We could have package variants
meant for building app containers. (This'd be an interesting COPRs

Second: we could start building a library of pre-packaged application
containers. Again, Docker makes an interesting and currently-hot technology
to do this on (although it doesn't have to be Docker, of course). For
example, an easy Fedora-based image with OwnCloud ready to go.

Matthew Miller    --   Fedora Project    --    <mattdm at>

More information about the devel mailing list