Re: [ELPA] new package: tramp-docker

[zimoun]

Hi,

On sam., 08 oct. 2022 at 18:34, Richard Stallman <rms@gnu.org> wrote:

> Does Docker provide an easy way to verify that you have avoided such
> dependencies?  A way to make sure to avoid including them?

Docker refers to many things, from the container format to the way to
build such format via Dockerfile or even the company behind many tools.

Somehow, Docker is just a format for packing and distributing – as
tarball or .deb packages.  And it is possible to build this pack using
only free software.

For instance, GNU Guix is able to directly produce Docker packs [1] or
images [2] where all is verified and transparent.

Even, it is possible to inspect the resulting binary Docker pack
produced by Guix and then extract the required information for checking
and/or rebuilding it.  See [2] for an example.

The issue is not Docker per-se but all the tools around; for what my
opinion is worth.


1: <https://guix.gnu.org/manual/devel/en/guix.html#Invoking-guix-pack>
2: <https://guix.gnu.org/manual/devel/en/guix.html#image_002dtype-Reference>
3: <https://hpc.guix.info/blog/2021/10/when-docker-images-become-fixed-point/>

Cheers,
simon