nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5

Yeah, this is another area where my very siloed IT experience bites me in the butt.

I just don't have the general experience to maintain a web application server.

I *do* have enough Infosec experience to not trust container images... Who knows what's in those things?!? Who knows if it's getting regular security updates? Does anybody really inspect them?

It's a massive security disaster waiting to happen.

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

> I *do* have enough Infosec experience to not trust container images... Who knows what's in those things?!?

They're pretty legit if you roll your own. Or if you trust a software project to make regular releases, especially whenever there's a security update.

nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5

Yeah, it's going to be a big trust relationship, but man... with *so* many potential moving parts, you're trusting them to not only update their app in the container image, but every underlying utility and library used.

That sounds like a lot of work for a small FOSS project to keep up with. Even then, how much behind regular OS updates will the software contained in the image be, even if you update it every week?