lily
lily
I don't quite understand - why does the ssh command succeed during install but fail during a subsequent launch?
Additional context from meeting: it subsequently fails because we intentionally `shift aside old authorized_keys` after we set up the supervisor's final ssh configuration. So that part is intended behavior.
containerregistry is no longer broken with python 3. There's also an interesting sentence on the fix PR: > Ideally most folks would migrate over to go-containerregistry, but I understand that...
For documentation purposes: are those time fields little- or big-endian?
We could consider shipping a spire container, which would help with the portability, though not the startup time.
We could potentially have the best of both worlds by enabling this default but writing a webhook which requires images deployed in non-user namespaces to come from a whitelist of...
> requires images deployed in **non-user** namespaces to come from a whitelist of container registries As in, to mitigate the concern that we might accidentally pull something from dockerhub into...
We might consider trying to use [debos](https://github.com/go-debos/debos) for this.
Oh, I forgot I was assigned this. End of semester will do that. I don't think I did anything for it yet (Mostly because I haven't actually been able to...
Yes, should be fine