When using oras for local testing and validation, we shouldn't have to specify the media-type. Registries only support a single type for a given content addressable url.
Requiring the -media-type only complicates the default learning experience

The --media-type and --allow-all are used to prevent downloading unnessary blobs.

For example, use oras to try to pull a helm chart from a large docker image. The operation should fail without downloading the docker image.

The user should be aware of what they're pulling. Having to specify both the image:tag reference, and the media-type is duplicate info. Having to type --allow-all is just another parameter they must type, even though they know the reference they want.

It would be like requiring someone to specify linux or windows on a multi-arch image. They're specifying the tag. The rest just happens.

@SteveLasker Are you suggesting that we should make --allow-all=true by default? /cc @jdolitsky

Are you suggesting that we should make --allow-all=true

Yup.

But, talking with @sajayantony , I realized this has the assumption that we've done the split #181 of the oras binary and oras-library. The assumption is the library has all the strict apis, enabling very specific configurations. Meaning, reg-doc would push and pull the mediaType=application/x.reg-doc.
However, in the oras binary, we'd be more generic.

Rather than having to specify

oras push localhost:5000/foo:bar \
  --manifest-config /dev/null:application/x.thingthang.v0 \
      file.txt:application/tar

oras pull localhost:5000/foo:bar --allow-all

I could simply do:

oras push localhost:5000/foo:bar file.txt
oras pull localhost:5000/foo:bar

The resultant manifest would be:

{
  "schemaVersion": 2,
  "config": {
    "mediaType": "application/x.unknown.config.v0+json",
    "digest": "sha256:e752324f6804d5d0b2c098f84507d095a8fd0031cf06cdb3c7ad1625dcd1b399",
    "size": 7097
  },
  "layers": [
    {
      "mediaType": "application/tar",
      "digest": "sha256:83c5cfdaa5385ea6fc4d31e724fd4dc5d74de847a7bdd968555b8f2c558dac0e",
      "size": 25851449
    }
  ]
}

Let's remove the option --allow-all and related options from the CLI to improve the UX. /cc @qweeah

ack

@shizhMSFT just confirming the tar mediaType. Will all files be placed in a tar archive, meaning it will also maintain the file names without the annotation? This would really help simplify things. Having the api support all granularity would enable implementers to make their choice per type.

@SteveLasker That's still in the discussion (see #178 ). Also,

Will all files be placed in a tar archive, meaning it will also maintain the file names without the annotation?

The above statement looks a brand new topic to discuss with.

Although the pull command documentation is updated and mentions this issue as a reason to eliminate --media-type and --allow-all, yet the oras pull --help and the implementors' documentation are not updated. I was very confused while trying to work with those flags. Should we open a separate issue for this?

Although the pull command documentation is updated and mentions this issue as a reason to eliminate --media-type and --allow-all, yet the oras pull --help and the implementors' documentation are not updated. I was very confused while trying to work with those flags. Should we open a separate issue for this?

@osamamagdy Yes, please help to raise a new issue to track. I think we need to update the documentation accordingly.

@osamamagdy thanks for bring this up, I already raised a PR to fix it oras-project/oras-www#45