search

PawseySC / pawsey-containers

A collection of Dockerfiles and Singularity deffiles for Pawsey-supported images
15 stars 11 forks source link

Python update #31

Closed pelahi closed 8 months ago

pelahi commented 10 months ago

These updates were driven by the fact that the recipes for hpc-python were quite old and had a number of security holes.

The updates are to remove some critical sercurity holes and the related docker images on quay.io have been removed.

Elwell commented 9 months ago

I'd vigorously mark anything we don't actively maintain and patch as deprecated or unmaintained - that way anyone else using them should realise the risks they're taking

On Wed, 24 Jan 2024 at 17:43, Cristian Di Pietrantonio < @.***> wrote:

@.**** commented on this pull request.

On python/hpc-python-hdf5mpi/Dockerfile https://github.com/PawseySC/pawsey-containers/pull/31#discussion_r1464374304 :

I wonder whether we should mark Intel containers as deprecated (we do not want to maintain containers users can't use on our systems). I am wondering the same for CUDA, even though we might get NVIDIA nodes in the near future.

— Reply to this email directly, view it on GitHub https://github.com/PawseySC/pawsey-containers/pull/31#pullrequestreview-1840520957, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABTBU5NA4ORMUO3LXTVLFLYQCUS5AVCNFSM6AAAAABBK33K56VHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMYTQNBQGUZDAOJVG4 . You are receiving this because you are subscribed to this thread.Message ID: @.***>

pelahi commented 8 months ago

@dipietrantonio sorry for reply to this comment so late but I don't understand your comment. The recipes are marked as deprecated. The containers I just removed as they have critical security holes. What else would you like to happen?

dipietrantonio commented 8 months ago

@pelahi what I meant is that we should remove them not only because of security, but also because we do not have an intel (user facing) machine anymore. Maybe let's create a tag for future reference. In other words, I worried that we would fix security holes and maintain the containers that won't be used on Setonix.

pelahi commented 8 months ago

Hi @dipietrantonio I did move the intel recipes to deprecated. I deleted the containers but let the repositories as empty. Did you want me to remove the repos entirely?