...
Those are not exact results but only some overview. Stats took only single container from every pod. Additionally those stats includes also upstream containers.
| Distro | N pods | Image size on disk | Number of packages | Licenses within base image |
|---|---|---|---|---|
| Debian | 47 | 123 MB/80 MB if slim/50 MB if minideb | 97 | Apache-2.0 Artistic BSD CC0-1.0 GFDL GFDL-1.2 GFDL-1.3 GPL GPL-1 GPL-2 GPL-3 LGPL LGPL-2 LGPL-2.1 LGPL-3 MPL-1.1 MPL-2.0 |
| CentOS | 50 | 193 MB | 173 | GPL v2, GPLv3, zlib, boost, MPLv2.0, OpenLDAP, OpenSSL, Public Domain, Python, SISSL and BSD, Vim, MIT, LGPL v2, LGPL v3, ISC, |
| Ubuntu | 21 | 118 MB | 93 | Apache-2.0 Artistic BSD CC0-1.0 GFDL GFDL-1.2 GFDL-1.3 GPL GPL-1 GPL-2 GPL-3 LGPL LGPL-2 LGPL-2.1 LGPL-3 MPL-1.1 MPL-2.0 |
| Alpine | 107 | 4.8 MB | 14 | MIT, GPL-2.0-only, OpenSSL, MPL-2.0, ISC, Zlib, BSD |
Compliance in distros
Based on dockerhub:
...
Same story with all other distros.
Proposal to move forward
- Organize a TSC vote on the list of licenses that can be used within ONAP containers
- Prepare license compliance to Alpine base image & helper ONAP images prepared by the integration
- Switch all components to use Alpine as a base image
- Make sure that every container updates compliance docummentation when it adds a new system package (tested in the gate)