Who ever said that -min was designed for development and embedding only? What if I wished (hypothetically) to host my own odd case of a production cluster open to all? Why are we gatekeeping the way people use this project?
I am not assuming what people think. It is futile since they would always state they had “actually thought” whatever gets them off the hook, and lend blame to the vagueness of terms set by the other. Where this argument is valid is perhaps within a legal team. If they say that using that argument puts the project at risk then I would be on board with this assumption, I would have to be. But it has nothing to do with engineering.
If we had security by default as this issue suggests then the argument on -min being insecure and in the “danger zone” would be invalidated right?
Would we reconsider in that case to publish a docker image?
If you wanted to run OpenSearch in the open, no one is saying you can’t (but it’s definitely not suggested): you can do it with tar.gz distributions. I just wouldn’t want someone to stumble into running something with non-sane defaults for security.
That issue is for 2.0. At 2.0, it’s probably a good idea to re-think a lot!
My perspective here is this: the whole project is in a better position when we have the simplest process to get going with OpenSearch. I would choose configuration over multiple choice, however I’m not a zealot here.
So, this would be my preference order:
A single, configurable Docker image
A tricked out image and an embed/development image (so, yeah -min image).
If we can’t make 1 to everyone’s liking, let’s go with 2.
An issue with this is the artifact size after installing all the plugins vs the -min. I would still prefer different distros so we are clear on what the image contains (having a config that uninstalls things before startup seems weird to me - Like getting a car with turbo and then having to remove that part from your engine every time you turn the key).
I guess then for v1 at least we would have the security-less -min as a tar.gz distro.