Very light on the reasons why this is any better than alternative container-optimized OSes. Even the testimonials from the other Microsoft projects that migrated to Mariner are really grasping at straws like “we were able to migrate quickly” and “I guess it’s kinda nice to have a Microsoft team doing the patching work now”.
Seems like it’s just similar to RHEL: Linux with DNF, some tweaked defaults, and curated packages compiled with extra flags. It’s been 9 years since CoreOS came out with a bunch of good ideas, but Microsoft decided to just ignore all that and build another boring Linux distro? Let me know when one of these billion dollar companies does something novel for a change.
Disclaimer: I work for MS, but am not using Mariner.
From the folks that I’ve spoken to, the ‘maintained internally’ is the key win and it’s probably not useful for anyone outside. When there’s a security vulnerability, there’s a single flow for getting it deployed to any Linux-based Azure service if it’s on Mariner, which significantly reduces the time that a service is exposed.
I’ve actually used CBL Mariner before. Nix makes a very nice way to improve the package selection. Overall it was an okay distribution; it's just that the selection of packages was quite low, which I guess is the main point anyway.