Replying to Strypey

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

> I *do* have enough Infosec experience to not trust container images... Who knows what's in those things?!?

They're pretty legit if you roll your own. Or if you trust a software project to make regular releases, especially whenever there's a security update.

nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5

Yeah, it's going to be a big trust relationship, but man... with *so* many potential moving parts, you're trusting them to not only update their app in the container image, but every underlying utility and library used.

That sounds like a lot of work for a small FOSS project to keep up with. Even then, how much behind regular OS updates will the software contained in the image be, even if you update it every week?

Discussion

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

> Even then, how much behind regular OS updates will the software contained in the image be

Standard Docker, basically irrelevant most of the time

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx