[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

04/05: reppar: Improve comparison with the latest Dockerish stuff.

From: Ludovic Courtès
Subject: 04/05: reppar: Improve comparison with the latest Dockerish stuff.
Date: Tue, 21 Jul 2015 10:03:04 +0000

civodul pushed a commit to branch master
in repository maintenance.

commit fde1e8d39816f3b94f940e41df991cc331f5b1e2
Author: Ludovic Courtès <address@hidden>
Date:   Tue Jul 21 11:30:47 2015 +0200

    reppar: Improve comparison with the latest Dockerish stuff.
 doc/reppar-2015/reppar.sbib          |   34 ++++++++++++++++++++++++++++++++
 doc/reppar-2015/reproducible-hpc.skb |   36 ++++++++++++++++++++++-----------
 2 files changed, 58 insertions(+), 12 deletions(-)

diff --git a/doc/reppar-2015/reppar.sbib b/doc/reppar-2015/reppar.sbib
index d58efbc..bc5d18e 100644
--- a/doc/reppar-2015/reppar.sbib
+++ b/doc/reppar-2015/reppar.sbib
@@ -189,3 +189,37 @@ Priority Security Vulnerabilities")
   (title "Web Site of Fedora's Mock")
   (year "2015")
   (author (noabbrev "Fedora Project")))
+(article ruiz2015:kameleon
+  (author "Cristian Ruiz, Salem Harrache, Michael Mercier, and Richard 
+  (title "Reconstructable Software Appliances with Kameleon")
+  (journal "SIGOPS Oper. Syst. Review")
+  (volume "49")
+  (number "1")
+  (month "January")
+  (year "2015")
+  (issn "0163-5980")
+  (pages "80--89")
+  (numpages "10")
+  (url "";)
+  (doi "10.1145/2723872.2723883")
+  (acmid "2723883")
+  (publisher "ACM")
+  (address "New York, NY, USA"))
+(article boettiger2015:docker
+  (author "Carl Boettiger")
+  (title "An Introduction to Docker for Reproducible Research")
+  (journal "SIGOPS Oper. Syst. Review")
+  (volume "49")
+  (number "1")
+  (month "January")
+  (year "2015")
+  (issn "0163-5980")
+  (pages "71--79")
+  (numpages "9")
+  (url "";)
+  (doi "10.1145/2723872.2723882")
+  (acmid "2723882")
+  (publisher "ACM")
+  (address "New York, NY, USA"))
diff --git a/doc/reppar-2015/reproducible-hpc.skb 
index 2277f2f..6325be6 100644
--- a/doc/reppar-2015/reproducible-hpc.skb
+++ b/doc/reppar-2015/reproducible-hpc.skb
@@ -690,18 +690,30 @@ verifiability of mainstream package distributions.
 Google's recent Bazel build tool relies on container facilities provided
 by the kernel Linux and provides another DSL to describe build
-      (p [Reproducibility can be
-achieved with heavyweight approaches such as full operating system
-deployments ,(ref :bib 'jeanvoine2013:kadeploy3), VM
-deployments ,(ref :bib 'vangorp2011:share), and full-system
-container-based deployments ,(ref :bib 'kniep2015:reproducibility).  In
-addition to being resource-hungry, these approaches are coarse-grain
-and do not compose: if two different VM or Docker images provide useful
-features or packages, the user has to make a binary choice and
-cannot combine the features or packages they offer.  A side issue is
-security: it was recently reported that many official Docker images are
-plagued with serious unfixed security vulnerabilities ,(ref :bib
+      (p [Reproducibility can be achieved with heavyweight approaches
+such as full operating system deployments, be it on hardware or in VMs
+or containers ,(ref :bib '(jeanvoine2013:kadeploy3 ruiz2015:kameleon
+vangorp2011:share boettiger2015:docker)).  In addition to being
+resource-hungry, these approaches are coarse-grain and do not compose:
+if two different VM/container images or ``software appliances'' provide
+useful features or packages, the user has to make a binary choice and
+cannot combine the features or packages they offer.  Furthermore,
+``Docker files'', ``Vagrant files'', and Kameleon ``recipes'' ,(ref :bib
+'ruiz2015:kameleon) suffer from being too broad for the purposes of
+reproducing a software environment,(---)they are about configuring
+complete operating systems,(---)and from offering a inappropriate level
+of abstraction,(---)these recipes list commands to ,(emph [modify]) the
+state of the system image to obtain the desired state, whereas Guix
+allows users to ,(emph [declare]) the desired environment in terms of
+software packages.  Lastly, the tendency to rely on complete third-party
+system images is a security concern,(footnote [``Over 30% of Official
+Images in Docker Hub Contain High Priority Security Vulnerabilities'',
+,(url "";).])
+Building upon third-party binary images also puts a barrier on
+reproducibility: Users may have recipes to rebuild their own software
+from source, but the rest of the system is essentially considered as a
+``black box'', which, if it can be rebuilt from source at all, can only
+be rebuilt using a completely different tool set.])
       (p (emph [HPC package management.]) [ In the HPC community,
 efforts have focused primarily on the automation of software deployment
 and the ability for users to customize their build environment

reply via email to

[Prev in Thread] Current Thread [Next in Thread]