oodt-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Kelly <ke...@apache.org>
Subject Re: Docker and Oracle License Agreement
Date Thu, 09 Nov 2017 15:43:42 GMT
Thanks, Luca.

For the short term, please go ahead and add the warning like on [1] that 
using the image = agreeing to Oracle's license.

Another issue that we should address is the size of the image:

alpine               latest           76da55c8019d        8 weeks 
ago         3.97MB
nutjob4life/catpics  latest           de30a9f84796        6 weeks 
ago         57.4MB
lwieske/java-8       jdk-8u131-slim   326f0b00e419        4 months 
ago        164MB
python               2.7-slim         451c85955bc2        3 months 
ago        182MB
plone                latest           e9918460c2e8        9 months 
ago        424MB
oodthub/oodt-node    latest           cac1bf988d5d        3 months 
ago        1.38GB

1.38 *giga* bytes! I'm going to wager you're not using a multi-stage 
build here because that's enormous. Once you commit the Dockerfile we 
can work together to see if we can trim it down a bit.

Take care
--k


> Cinquini, Luca (398G) <mailto:Luca.Cinquini@jpl.nasa.gov>
> 2017-11-8 at 1.41 p
> Hi Sean,
> I am afraid I am responsible for creating those images :)…
>
> Chris asked me already to move them to the official Apache repo, which 
> is on my list of things to do.
> In the past, openJDK gave me problem when using some advanced SSL 
> features, like certificate authentication - not sure if that is the 
> case any more.
> I think we could start with your proposal [1] and then possibly 
> implement [3].
>
> BTW all these images are based on OODT-1.0, and contain only a few 
> core services (File Manager, Workflow Manager, Crawler).
>
> thanks, Luca
>
>
> Chris Mattmann <mailto:mattmann@apache.org>
> 2017-11-8 at 1.34 p
> Great catch!
>
> I would vote to just switch it to OpenJDK yay….
>
> Cheers
> Chris
>
>
>
>
> On 11/8/17, 11:33 AM, "Sean Kelly" <kelly@apache.org> wrote:
>
> Hi folks:
>
> I'm playing more and more with Docker and happily discovered that
> there's already an OODT presence on the Docker Store [1].
>
> So I pulled the oodt-node image [2] and looked inside ("docker history
> --no-trunc") and saw that one of the steps performed is:
>
> /bin/sh -c wget --no-cookies --no-check-certificate --header "Cookie:
> oraclelicense=accept-securebackup-cookie" -O
> /tmp/jdk-8-linux-x64.rpm
> "http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION}-${JAVA_BUILD_VERSION}/d54c1d3a095b4ff2b6607d096fa80163/jdk-${JAVA_VERSION}-linux-x64.rpm"
>
> What stands out is the cookie.
>
> My fear is that using this image effectively makes the user accept
> Oracle's license agreement for Java but in no way notifies the user this
> is happening.
>
> Could we at least update the page at [1] to warn users, similar to the
> way this unofficial Java 8 image does it [3]? Or even better, try OpenJDK?
>
> --Sean
>
> [1] https://store.docker.com/profiles/oodthub
> [2] https://store.docker.com/community/images/oodthub/oodt-node
> [3] https://store.docker.com/community/images/lwieske/java-8
>
> -- 
> Sean Kelly
> Member, Apache Software Foundation
>
>
>
> Sean Kelly <mailto:kelly@apache.org>
> 2017-11-8 at 1.33 p
> Hi folks:
>
> I'm playing more and more with Docker and happily discovered that 
> there's already an OODT presence on the Docker Store [1].
>
> So I pulled the oodt-node image [2] and looked inside ("docker history 
> --no-trunc") and saw that one of the steps performed is:
>
> /bin/sh -c wget --no-cookies --no-check-certificate --header "Cookie: 
> oraclelicense=accept-securebackup-cookie"     -O 
> /tmp/jdk-8-linux-x64.rpm 
> "http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION}-${JAVA_BUILD_VERSION}/d54c1d3a095b4ff2b6607d096fa80163/jdk-${JAVA_VERSION}-linux-x64.rpm"

>
>
> What stands out is the cookie.
>
> My fear is that using this image effectively makes the user accept 
> Oracle's license agreement for Java but in no way notifies the user 
> this is happening.
>
> Could we at least update the page at [1] to warn users, similar to the 
> way this unofficial Java 8 image does it [3]? Or even better, try 
> OpenJDK?
>
> --Sean
>
> [1] https://store.docker.com/profiles/oodthub
> [2] https://store.docker.com/community/images/oodthub/oodt-node
> [3] https://store.docker.com/community/images/lwieske/java-8
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message