Replying to Avatar R. L. Dane :debian: :openbsd:

nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5 nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

Well, that's definitely the right way to build them, but from a security perspective, you're still running potentially out-of-date software or at least libs, and are adding another layer of dependency (and another point of failure) to keeping a system up-to-date for security issues.

...

Avatar
R. L. Dane :debian: :openbsd: 2y ago

nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5 nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

...

As with everything, it's a balancing act, and you have to evaluate how well an image maintainer keeps up with security update (and not just updates to their application), the threat level of that particular server, etc.

I just personally *never* hear people discussing that when they discuss using images. They talk about it like it's just another installation avenue like flatpak. :/

Reply to this note

Please Login to reply.

Discussion

Avatar
Strypey 2y ago

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

> They talk about it like it's just another installation avenue like flatpak

That's actually a very good comparison. Docker is kind of like FlatPak for servers. Although maybe more like AppImage.

As long as you have the latest image, you have the latest version of everything packaged inside it. Like any package manager, this can be automated. Everything else is handled by the OS, not Docker or the Container. That's my understanding, having only tinkered with Docker a little.

nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5