Add container labels for the runtime major/minor and SDK versions
baronfel opened this issue · comments
For provenance/security scanner purposes it would help if .NET images surfaced their runtime major/minor and SDK tooling versions. We propose:
- net.dot.runtime.majorminor - the TFM version this app is running on
- net.dot.sdk.version - the SDK major.minor.patch that was used to build this image
We're using net.dot
as a prefix because we own/control the https://dot.net
URI, and these are not intended to be labels constrained to the Microsoft-shipped .NET SDKs, but also for any SDKs built by our Source-Build partners and their users.
Another name is net.dotnet
. I'm not saying that's better, but an option. It's shorter and less Microsoft.
I dig it. I was leaning more in the 'this is Microsoft's opinion' line of thinking with the naming, but I'm not opposed to something more general.
We should "own" the domain name for whatever we use. http://dotnet.net does not appear to be owned by us, and is a blog last updated in 2007. The point of the naming scheme is to prevent collisions. I think we are safest with com.microsoft.dotnet
.
Sorry. I meant net.dot
. That said, I'm fine with either option.
Closing as we've implemented this for 8.0.300.