README: Split containerized into OCI support and package strategy
This commit is contained in:
parent
845b74873e
commit
b064b12625
1 changed files with 23 additions and 13 deletions
36
README.md
36
README.md
|
@ -178,20 +178,30 @@ seminal paper by Ken Thomson, [Reflections on Trusting Trust](https://www.cs.cmu
|
|||
|
||||
A comparison of `stagex` to other distros in some of the areas we care about:
|
||||
|
||||
| Distro | Containerized | Signatures | Libc | Bootstrapped | Reproducible | Rust Deps |
|
||||
|--------|---------------|------------|-------|--------------|---------------|-----------|
|
||||
| Stagex | Native | 2+ Human | Musl | Yes | Yes | 9 |
|
||||
| Guix | No | 1 Human | Glibc | Yes | Partial (90%) | 4 (Unconfirmed) |
|
||||
| Nix | No | 1 Bot | Glibc | Partial | Partial (95%) | 25 |
|
||||
| Debian | Adapted | 1 Human | Glibc | No | Partial (96%) | 231 |
|
||||
| Arch | Adapted | 1 Human | Glibc | No | Partial (90%) | 127 |
|
||||
| Fedora | Adapted | 1 Bot | Glibc | No | No | 167 |
|
||||
| Alpine | Adapted | None | Musl | No | No | 41 |
|
||||
| Distro | OCI Support | Package Strategy | Signatures | Libc | Bootstrapped | Reproducible | Rust Deps |
|
||||
|--------|-------------|------------------|------------|-------|--------------|---------------|-----------|
|
||||
| Stagex | Native | External | 2+ Human | Musl | Yes | Yes | 9 |
|
||||
| Guix | Exported | External | 1 Human | Glibc | Yes | Partial (90%) | 4 (Unconfirmed) |
|
||||
| Nix | Exported | External | 1 Bot | Glibc | Partial | Partial (95%) | 25 |
|
||||
| Debian | Published | Inline | 1 Human | Glibc | No | Partial (96%) | 231 |
|
||||
| Arch | Published | Inline | 1 Human | Glibc | No | Partial (90%) | 127 |
|
||||
| Fedora | Published | Inline | 1 Bot | Glibc | No | No | 167 |
|
||||
| Alpine | Published | Inline | None | Musl | No | No | 41 |
|
||||
|
||||
### Notes
|
||||
|
||||
- “Bootstrapped”: Can the entire distro be full-source-bootstrapped from Stage0
|
||||
- “Reproducible”: Is the entire distro reproducible bit-for-bit identically
|
||||
- "OCI Support": Whether a distro is natively based around the composability
|
||||
and layering of Containerfiles ("native"), can be used to create an OCI
|
||||
or Docker container from its own package manager ("exported"), or has images
|
||||
published that can be used as the base for a Containerfile ("published").
|
||||
- "Package Strategy": Whether a distro separates the installation of software
|
||||
packages from the context assigned to building them
|
||||
- In StageX, Guix, and Nix, package management is declarative, and can be
|
||||
performed without a package manager in an execution context.
|
||||
- In Debian, Arch, Fedora, and Alpine, package managers are invokable
|
||||
command-line tools, with no native declarative management system.
|
||||
- "Bootstrapped": Can the entire distro be full-source-bootstrapped from Stage0
|
||||
- "Reproducible": Is the entire distro reproducible bit-for-bit identically
|
||||
- Statistics have been pulled from https://reproducible-builds.org/citests/
|
||||
- The statistic we care about the most is the distribution as a whole,
|
||||
meaning a combination of "core" packages as well as "extra" or
|
||||
|
@ -201,7 +211,7 @@ A comparison of `stagex` to other distros in some of the areas we care about:
|
|||
reproducible.
|
||||
- Arch Linux is currently out of date; as such, metrics have been pulled
|
||||
from their own site: https://reproducible.archlinux.org/
|
||||
- “Rust Deps”: the number of total dependencies installed to use rustc
|
||||
- "Rust Deps": the number of total dependencies installed to use rustc
|
||||
- Rust is a worst case example for compiler deps and build complexity
|
||||
- It is kind of a nightmare most distros skip
|
||||
- See: [Guix documenting their process](https://guix.gnu.org/en/blog/2018/bootstrapping-rust/) (similar to ours)
|
||||
|
@ -212,7 +222,7 @@ A comparison of `stagex` to other distros in some of the areas we care about:
|
|||
- The numbers listed here were generated by installing Cargo on a Docker
|
||||
Hub container of the distro in question, via the "rust-deps" scripts.
|
||||
|
||||
### Signatures
|
||||
## Signatures
|
||||
|
||||
* Signatures are made by the PGP public keys in the "keys" directory
|
||||
* Signatures are made by any tool that implements "[Container Signature Format](https://github.com/containers/image/blob/main/docs/containers-signature.5.md)"
|
||||
|
|
Loading…
Reference in a new issue