-
Notifications
You must be signed in to change notification settings - Fork 674
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add some text about extensions #164
Conversation
Mimic opencontainers/image-spec#164 and they should be kept in-sync Signed-off-by: Doug Davis <dug@us.ibm.com>
Keys are unique, and best practice is to namespace the keys. | ||
Keys MUST be unique, and best practice is to namespace the keys. | ||
If there are no annotations then this property MAY either be absent or be an empty hashmap. | ||
Implementations that are reading/processing manifest lists MUST NOT generate an error if they encounter an unknown annotation. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/unknown annotation/unknown annotation key/ ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
SGTM, also, there are two annotations sections in this doc, but your PR only covers one of them. |
oops - got the other one now |
Mimic opencontainers/image-spec#164 and they should be kept in-sync Signed-off-by: Doug Davis <dug@us.ibm.com>
Keys are unique, and best practice is to namespace the keys. | ||
Keys MUST be unique, and best practice is to namespace the keys. | ||
If there are no annotations then this property MAY either be absent or be an empty hashmap. | ||
Implementations that are reading/processing manifest lists MUST NOT generate an error if they encounter an unknown annotation key. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you want to see this same sentence on the other section too?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
darn- I think I moved instead of copied. fixed -thanks!
Mimic opencontainers/image-spec#164 and they should be kept in-sync Signed-off-by: Doug Davis <dug@us.ibm.com>
Common annotation keys include: | ||
* **created** date on which the image was built (string, timestamps type) | ||
* **authors** contact details of the people or organization responsible for the image (freeform string) | ||
* **homepage** URL to find more information on the image (string, must be a URL with scheme HTTP or HTTPS) | ||
* **documentation** URL to get documentation on the image (string, must be a URL with scheme HTTP or HTTPS) | ||
|
||
### Extensibility | ||
The `annotations` property MAY be used as an extensibility point to include additional information that is not defined as part of this specification. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"extension point"
updated based on today's conf call |
Mimic opencontainers/image-spec#164 and they should be kept in-sync Signed-off-by: Doug Davis <dug@us.ibm.com>
@@ -85,13 +85,20 @@ A client will distinguish a manifest list from an image manifest based on the Co | |||
|
|||
This OPTIONAL property contains arbitrary metadata for the manifest list. | |||
Annotations is a key-value, unordered hashmap. | |||
Keys are unique, and best practice is to namespace the keys. | |||
Keys MUST be unique, and best practice is to namespace the keys. | |||
Keys starting with the `opencontainers.org` namespace are reserved and MUST NOT be used. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mostly I like it. I'm wondering if just saying "... are reserved." would be enough? If not to be used, then should this cover when the are used?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this not org.opencontainers
or is that not how it is done here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that ought to be clarified. I had in mind that it would be namespaced more
like an URL, rather than a java package.
On Thu, Jul 7, 2016 at 6:44 PM, Stephen Day notifications@github.com
wrote:
In manifest.md
#164 (comment)
:@@ -85,13 +85,20 @@ A client will distinguish a manifest list from an image manifest based on the Co
This OPTIONAL property contains arbitrary metadata for the manifest list. Annotations is a key-value, unordered hashmap.
- Keys are unique, and best practice is to namespace the keys.
- Keys MUST be unique, and best practice is to namespace the keys.
- Keys starting with the
opencontainers.org
namespace are reserved and MUST NOT be used.Is this not org.opencontainers or is that not how it is done here?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/opencontainers/image-spec/pull/164/files/e969158a0e4371760a72da3492b1b6803b03dc90#r70000997,
or mute the thread
https://github.com/notifications/unsubscribe/AAEF6dv8Fi4ZqyfxK79cBiFMdZTamp01ks5qTYFjgaJpZM4I-n6z
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On Mon, Jul 18, 2016 at 10:20:04AM -0700, Vincent Batts wrote:
- Keys are unique, and best practice is to namespace the keys.
- Keys MUST be unique, and best practice is to namespace the keys.
- Keys starting with the
opencontainers.org
namespace are reserved and MUST NOT be used.that ought to be clarified. I had in mind that it would be namespaced more
like an URL, rather than a java package.
Does it matter? And as long as folks don't have actual hosts like
net.example.com, folks could use both. If we pick one ordering we
don't even have to worry about that, but I don't see any technical
difference between the two orderings.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
for all the specifics of clarification, it's interesting you don't see a
difference in the two
On Mon, Jul 18, 2016 at 1:27 PM, W. Trevor King notifications@github.com
wrote:
In manifest.md
#164 (comment)
:@@ -85,13 +85,20 @@ A client will distinguish a manifest list from an image manifest based on the Co
This OPTIONAL property contains arbitrary metadata for the manifest list. Annotations is a key-value, unordered hashmap.
- Keys are unique, and best practice is to namespace the keys.
- Keys MUST be unique, and best practice is to namespace the keys.
- Keys starting with the
opencontainers.org
namespace are reserved and MUST NOT be used.On Mon, Jul 18, 2016 at 10:20:04AM -0700, Vincent Batts wrote: > - Keys
are unique, and best practice is to namespace the keys. > + Keys MUST be
unique, and best practice is to namespace the keys. > + Keys starting with
theopencontainers.org
namespace are reserved and MUST NOT be used.
that ought to be clarified. I had in mind that it would be namespaced more
like an URL, rather than a java package.
Does it matter? And as long as folks don't have actual hosts like
net.example.com, folks could use both. If we pick one ordering we don't
even have to worry about that, but I don't see any technical difference
between the two orderings.—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/opencontainers/image-spec/pull/164/files/e969158a0e4371760a72da3492b1b6803b03dc90#r71190607,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAEF6bAfkHfDwksO7ouvp3gqeL1_LUfqks5qW7eBgaJpZM4I-n6z
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On Mon, Jul 18, 2016 at 10:31:59AM -0700, Vincent Batts wrote:
@@ -85,13 +85,20 @@ A client will distinguish a manifest list from an image manifest based on the Co
This OPTIONAL property contains arbitrary metadata for the manifest list. Annotations is a key-value, unordered hashmap.
- Keys are unique, and best practice is to namespace the keys.
- Keys MUST be unique, and best practice is to namespace the keys.
- Keys starting with the
opencontainers.org
namespace are reserved and MUST NOT be used.for all the specifics of clarification, it's interesting you don't
see a difference in the two
I'm all for picking one ordering to recommend, but I'm happy to flip a
coin to pick ;). Does anyone have a reason to not choose via
coin-flip?
It also looks like there's inconsistent whitespace on the indent here,
with the final new line using a tab while everyone else uses spaces.
do y'all think we can clear up this conversation on this feature? like maybe for v0.4.0? I'm for this feature. Perhaps just with clarity around the prefixing? |
I looked at both Docker and Kubernetes for examples and Docker seems to use the reverse notation (org.docker.*) while Kubernetes actually uses both based on (I guess) who wrote the code. Averaging it out, that pushes it a bit towards reverse domain notation, so I switched it to that and added a bit of text pushing people to follow that pattern. |
Mimic opencontainers/image-spec#164 and they should be kept in-sync Signed-off-by: Doug Davis <dug@us.ibm.com>
@duglin good thoughts, though to me that seems we should cover both use cases. |
you want to reserve org.opencontainers.* and *.opencontainers.org ? I guess we could, but I have to admit, the inconsistency I saw in Kube's docs on this, while not a show-stopper, is kind of weird - so my preference would be to pick one and stick with it. |
@brendandburns (or @thockin or @smarterclayton) have opinions on annotations prefixes? |
On Thu, Jul 21, 2016 at 05:53:43AM -0700, Doug Davis wrote:
I agree on picking one to reserve, and recommending other folks use |
Mimic opencontainers/image-spec#164 and they should be kept in-sync Signed-off-by: Doug Davis <dug@us.ibm.com>
Mimic opencontainers/image-spec#164 and they should be kept in-sync Signed-off-by: Doug Davis <dug@us.ibm.com>
I don't think there's much value in reserving both the forward and backward domains. The backward domain is pretty annoying, frankly, and I don't understand why anyone would prefer it. It's human-hostile, and we don't tend to use annotations as a hierarchy (like Java does). Decide which way is standard and run with it. I happen to think what is documented here is wrong, but Docker already chose that answer. |
the other benefit to having an |
@duglin There are some whitespace errors that is choking the CI. Want to fix those so we can re-LGTM and get this merged? |
Signed-off-by: Doug Davis <dug@us.ibm.com>
@stevvooe CI is fixed now |
As I suggested in the PR landing these blocks [1,2,3]. I've shifted the extensibility section to stand alone at the end of the file, and pushed the annotations meat into the lower-level manifest specification (linking there from the higher-level manifest-list specification). The extensibility requirements and annotations field might arguably apply to our other JSON types as well, but I've left them off this commit to focus on making the current requirements more DRY without changing the specified behavior. [1]: opencontainers#164 (comment) [2]: opencontainers#164 (comment) [3]: opencontainers#164 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
We're not forbidding other OCI specs from using these fields, we're forbidding all specs (except for future versions of image-spec) from using these fields. The wording I'm bringing in here matches what 873b9b6 (Add some text about extensions, 2016-06-26, opencontainers#164) landed for the org.opencontainers.* annotation namespace. Signed-off-by: W. Trevor King <wking@tremily.us>
We're not forbidding other OCI specs from using these fields, we're forbidding all specs (except for future versions of image-spec) from using these fields [1,2]. The wording I'm bringing in here matches what 873b9b6 (Add some text about extensions, 2016-06-26, opencontainers#164) landed for the org.opencontainers.* annotation namespace. My personal preference would be to use JSON-LD to assign explicit semantics to every field (after which you don't have to worry about namespacing the fields themselves) [2], but that would be a larger change ;). [1]: opencontainers#111 (comment) [2]: opencontainers#111 (comment) [3]: opencontainers#111 (comment) And later comments in that sub-thread. Signed-off-by: W. Trevor King <wking@tremily.us>
We're not forbidding other OCI specs from using these fields, we're forbidding all specs (except for future versions of image-spec) from using these fields [1,2]. The wording I'm bringing in here matches what 873b9b6 (Add some text about extensions, 2016-06-26, opencontainers#164) landed for the org.opencontainers.* annotation namespace. My personal preference would be to use JSON-LD to assign explicit semantics to every field (after which you don't have to worry about namespacing the fields themselves) [3], but that would be a larger change ;). [1]: opencontainers#111 (comment) [2]: opencontainers#111 (comment) [3]: opencontainers#111 (comment) And later comments in that sub-thread. Signed-off-by: W. Trevor King <wking@tremily.us>
As I suggested in the PR landing these blocks [1,2,3]. I've shifted the extensibility section to a separate file, since it's a generic policy that applies to both our manifest and manifest-list. I've pushed the annotations meat into the lower-level manifest specification (linking there from the higher-level manifest-list specification). The extensibility requirements and annotations field might arguably apply to our other JSON types as well. The separate extensibility file sets the stage for that, but I've the other types off this commit to focus on making the current requirements more DRY without changing the specified behavior. [1]: opencontainers#164 (comment) [2]: opencontainers#164 (comment) [3]: opencontainers#164 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
As I suggested in the PR landing these blocks [1,2,3]. I've shifted the extensibility section to a separate file, since it's a generic policy that applies to both our manifest and manifest-list. I've pushed the annotations meat into the lower-level manifest specification (linking there from the higher-level manifest-list specification). The extensibility requirements and annotations field might arguably apply to our other JSON types as well. The separate extensibility file sets the stage for that, but I've the other types off this commit to focus on making the current requirements more DRY without changing the specified behavior. [1]: opencontainers#164 (comment) [2]: opencontainers#164 (comment) [3]: opencontainers#164 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
As I suggested in the PR landing these blocks [1,2,3]. I've shifted the extensibility section to a separate considerations.md, since it's a generic policy that applies to both our manifest and manifest-list. I've pushed the annotations meat into the lower-level manifest specification (linking there from the higher-level manifest-list specification). The extensibility requirements and annotations field might arguably apply to our other JSON types as well. The separate extensibility file sets the stage for that, but I've left the other types off this commit to focus on making the current requirements more DRY without changing the specified behavior. My personal preference would be to have separate canonicalization.md and extensibility.md files, but Jonathan wanted the single file: On Mon, Oct 10, 2016 at 09:22:46AM -0700, Jonathan Boulle wrote [4]: > Ehh, I preferred it where it was - now worried about death by a > thousand files (extensibility, canonicalization, etc etc). Can we > combine them (into a generic "considerations" document or similar), > or just put this back? [1]: opencontainers#164 (comment) [2]: opencontainers#164 (comment) [3]: opencontainers#164 (comment) [4]: opencontainers#340 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
As I suggested in the PR landing these blocks [1,2,3]. I've shifted the extensibility section to a separate considerations.md, since it's a generic policy that applies to both our manifest and manifest-list. The extensibility requirements might arguably apply to our other JSON types as well (like annotations, which were recently DRYed up in f15a268, annotations: make a designated doc and DRY a bit, 2016-12-15, opencontainers#501). The new extensibility section sets the stage for that, but I've left the other types off this commit to focus on making the current requirements more DRY without changing the specified behavior. My personal preference would be to have separate canonicalization.md and extensibility.md files, but Jonathan wanted the single file: On Mon, Oct 10, 2016 at 09:22:46AM -0700, Jonathan Boulle wrote [4]: > Ehh, I preferred it where it was - now worried about death by a > thousand files (extensibility, canonicalization, etc etc). Can we > combine them (into a generic "considerations" document or similar), > or just put this back? [1]: opencontainers#164 (comment) [2]: opencontainers#164 (comment) [3]: opencontainers#164 (comment) [4]: opencontainers#340 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
As I suggested in the PR landing these blocks [1,2,3]. I've shifted the extensibility section to a separate considerations.md, since it's a generic policy that applies to both our manifest and manifest-list. The extensibility requirements might arguably apply to our other JSON types as well (like annotations, which were recently DRYed up in f15a268, annotations: make a designated doc and DRY a bit, 2016-12-15, opencontainers#501). The new extensibility section sets the stage for that, but I've left the other types off this commit to focus on making the current requirements more DRY without changing the specified behavior. My personal preference would be to have separate canonicalization.md and extensibility.md files, but Jonathan wanted the single file: On Mon, Oct 10, 2016 at 09:22:46AM -0700, Jonathan Boulle wrote [4]: > Ehh, I preferred it where it was - now worried about death by a > thousand files (extensibility, canonicalization, etc etc). Can we > combine them (into a generic "considerations" document or similar), > or just put this back? [1]: opencontainers#164 (comment) [2]: opencontainers#164 (comment) [3]: opencontainers#164 (comment) [4]: opencontainers#340 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
The 'null' option has been in the JSON Schema since 78c7ff7 (manifest: add annotations, 2016-04-27, opencontainers#44), although I expect it was accidental. The spec has clearly not allowed: "annotations": null since 873b9b6 (Add some text about extensions, 2016-06-26, opencontainers#164) landed with the following (still current) requirements: Annotations MUST be a key-value map where both the key and value MUST be strings. and: If there are no annotations then this property MUST either be absent or be an empty map. Folks without annotations should not set the property at all, or they should set it to: "annotations": {} Signed-off-by: W. Trevor King <wking@tremily.us>
The 'null' option has been in the JSON Schema since 78c7ff7 (manifest: add annotations, 2016-04-27, opencontainers#44), although I expect it was accidental. The spec has clearly not allowed: "annotations": null since 873b9b6 (Add some text about extensions, 2016-06-26, opencontainers#164) landed with the following (still current) requirements: Annotations MUST be a key-value map where both the key and value MUST be strings. and: If there are no annotations then this property MUST either be absent or be an empty map. Folks without annotations should not set the property at all, or they should set it to: "annotations": {} Signed-off-by: W. Trevor King <wking@tremily.us>
Generating an error seems like one potential violation of the requirement to ignore unknown properties. Compliance testing for the ignore requirement can cite the MUST I've written here for any noticeable runtime activity around the unknown property without needing a error-specific MUST. We've had the two MUSTs since 27a05de (Add text about extensions, 2016-06-26, opencontainers#510), citing [1]. I'd asked for consolidated phrasing then [2,3], but hadn't followed up after the commit landed. I've left a line mentioning the error activity as non-normative clarification, but am also happy to drop that line completely. Also: * Update the unknown annotation entry to reference the generic extensibility section, because there's nothing annotation-specific in how we want runtimes to handle unknown keys. * Remove "reading or processing" language. This initially landed in 27a05de with a bump in b92cf90 (consistency and style fix, 2017-05-12, opencontainers#811). Some thought was put into this phrasing there [4,5] and earlier in opencontainers#510 [6], but we never got around to dropping this qualifier. However, the purpose of this qualifier is unclear to me. What is the point of compliance requirements for runtimes which don't read or process a configuration? [1]: opencontainers/image-spec#164 [2]: opencontainers#510 (comment) [3]: opencontainers#510 (comment) [4]: opencontainers#811 (comment) [5]: opencontainers#811 (comment) [6]: opencontainers#510 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
As I suggested in the PR landing these blocks [1,2,3]. I've shifted the extensibility section to a separate considerations.md, since it's a generic policy that applies to both our manifest and manifest-list. The extensibility requirements might arguably apply to our other JSON types as well (like annotations, which were recently DRYed up in f15a268, annotations: make a designated doc and DRY a bit, 2016-12-15, #501). The new extensibility section sets the stage for that, but I've left the other types off this commit to focus on making the current requirements more DRY without changing the specified behavior. My personal preference would be to have separate canonicalization.md and extensibility.md files, but Jonathan wanted the single file: On Mon, Oct 10, 2016 at 09:22:46AM -0700, Jonathan Boulle wrote [4]: > Ehh, I preferred it where it was - now worried about death by a > thousand files (extensibility, canonicalization, etc etc). Can we > combine them (into a generic "considerations" document or similar), > or just put this back? [1]: opencontainers/image-spec#164 (comment) [2]: opencontainers/image-spec#164 (comment) [3]: opencontainers/image-spec#164 (comment) [4]: opencontainers/image-spec#340 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
As I suggested in the PR landing these blocks [1,2,3]. I've shifted the extensibility section to a separate considerations.md, since it's a generic policy that applies to both our manifest and manifest-list. The extensibility requirements might arguably apply to our other JSON types as well (like annotations, which were recently DRYed up in f15a268, annotations: make a designated doc and DRY a bit, 2016-12-15, #501). The new extensibility section sets the stage for that, but I've left the other types off this commit to focus on making the current requirements more DRY without changing the specified behavior. My personal preference would be to have separate canonicalization.md and extensibility.md files, but Jonathan wanted the single file: On Mon, Oct 10, 2016 at 09:22:46AM -0700, Jonathan Boulle wrote [4]: > Ehh, I preferred it where it was - now worried about death by a > thousand files (extensibility, canonicalization, etc etc). Can we > combine them (into a generic "considerations" document or similar), > or just put this back? [1]: opencontainers/image-spec#164 (comment) [2]: opencontainers/image-spec#164 (comment) [3]: opencontainers/image-spec#164 (comment) [4]: opencontainers/image-spec#340 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
As I suggested in the PR landing these blocks [1,2,3]. I've shifted the extensibility section to a separate considerations.md, since it's a generic policy that applies to both our manifest and manifest-list. The extensibility requirements might arguably apply to our other JSON types as well (like annotations, which were recently DRYed up in f15a268, annotations: make a designated doc and DRY a bit, 2016-12-15, #501). The new extensibility section sets the stage for that, but I've left the other types off this commit to focus on making the current requirements more DRY without changing the specified behavior. My personal preference would be to have separate canonicalization.md and extensibility.md files, but Jonathan wanted the single file: On Mon, Oct 10, 2016 at 09:22:46AM -0700, Jonathan Boulle wrote [4]: > Ehh, I preferred it where it was - now worried about death by a > thousand files (extensibility, canonicalization, etc etc). Can we > combine them (into a generic "considerations" document or similar), > or just put this back? [1]: opencontainers/image-spec#164 (comment) [2]: opencontainers/image-spec#164 (comment) [3]: opencontainers/image-spec#164 (comment) [4]: opencontainers/image-spec#340 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
As I suggested in the PR landing these blocks [1,2,3]. I've shifted the extensibility section to a separate considerations.md, since it's a generic policy that applies to both our manifest and manifest-list. The extensibility requirements might arguably apply to our other JSON types as well (like annotations, which were recently DRYed up in f15a268, annotations: make a designated doc and DRY a bit, 2016-12-15, #501). The new extensibility section sets the stage for that, but I've left the other types off this commit to focus on making the current requirements more DRY without changing the specified behavior. My personal preference would be to have separate canonicalization.md and extensibility.md files, but Jonathan wanted the single file: On Mon, Oct 10, 2016 at 09:22:46AM -0700, Jonathan Boulle wrote [4]: > Ehh, I preferred it where it was - now worried about death by a > thousand files (extensibility, canonicalization, etc etc). Can we > combine them (into a generic "considerations" document or similar), > or just put this back? [1]: opencontainers/image-spec#164 (comment) [2]: opencontainers/image-spec#164 (comment) [3]: opencontainers/image-spec#164 (comment) [4]: opencontainers/image-spec#340 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
As I suggested in the PR landing these blocks [1,2,3]. I've shifted the extensibility section to a separate considerations.md, since it's a generic policy that applies to both our manifest and manifest-list. The extensibility requirements might arguably apply to our other JSON types as well (like annotations, which were recently DRYed up in f15a268, annotations: make a designated doc and DRY a bit, 2016-12-15, #501). The new extensibility section sets the stage for that, but I've left the other types off this commit to focus on making the current requirements more DRY without changing the specified behavior. My personal preference would be to have separate canonicalization.md and extensibility.md files, but Jonathan wanted the single file: On Mon, Oct 10, 2016 at 09:22:46AM -0700, Jonathan Boulle wrote [4]: > Ehh, I preferred it where it was - now worried about death by a > thousand files (extensibility, canonicalization, etc etc). Can we > combine them (into a generic "considerations" document or similar), > or just put this back? [1]: opencontainers/image-spec#164 (comment) [2]: opencontainers/image-spec#164 (comment) [3]: opencontainers/image-spec#164 (comment) [4]: opencontainers/image-spec#340 (comment) Signed-off-by: W. Trevor King <wking@tremily.us>
Need to be kept in-sync with: opencontainers/runtime-spec#510
Signed-off-by: Doug Davis dug@us.ibm.com