Virtualisation and Containerisation BoF

* Not much interesting virtualisation?
* It's all about containers
* Inspection and inventory of container images
* Notary project starting to implement container signing for security
* What's the status of running systemd inside a container?
* More containerd integration with Debian?
* systemd has more knobs than docker in general, with respect to security
* sandstorm sandbox for running web applications in isolation
* disabling/restricted access to syscalls in this setup?
* Must provide the ability to step outside docker and access the underlying container things
* Add systemd containerisation features for all daemons to roadmap?
* Lots of overlap between security policy tools such as apparmor and SELinux and containerisation/sandboxing
* Haskell has tools to schedule NMUs for when dependent packages have been updated.