karianna
commented
3 years ago We won't be removing old images (as that will break users) but we'll investigate sending signals about the obsoletion of these.
Open hashworks opened 3 years ago
karianna
commented
3 years ago We won't be removing old images (as that will break users) but we'll investigate sending signals about the obsoletion of these.
grzesuav
commented
3 years ago @hashworks removing them will cause many builds over many places to fails, as they won't be able to download it. So IMO adoptium should never remove any valid image from dockerhub.
Imagine that you have dockerfile using one of those for 5 years and suddently it stops working, I guess you won't be happy as it will force you to search mirror or to do ad-hoc migrations (which can not be an easy one)
hashworks
commented
3 years ago On my end I only noticed that people use those old images because builds where failing when the outdated libraries where unable to connect to our TLS endpoints.
Failing builds may be the only thing that causes people to use updated images instead of the same one for five years. What is better, a failed build that can be fixed in no time or run into security issues or bugs caused by an unmaintained image? I see no other way to reach out to those people than to remove them.
If you really want to keep those images you have to maintain them (add security patches and the like) IMHO.
In your dockerhub account are multiple image repositories that are over a year old and suffer from multiple security issues. Some of them have over 500k downloads and are still in use. Please remove them.