search

aws / aws-lambda-base-images

Apache License 2.0
648 stars 107 forks source link

Put releases on a timeline manner #44

Open Negan1911 opened 2 years ago

Negan1911 commented 2 years ago

I don't believe that a year has passed, and we don't have a single freaking word about node16 on lambdas. #14 & #33.

I feel bad for the devs waiting on Python 3.10 #31 or Java 17 #29. No f*king talk that the current node12 and 14 versions are outdated and insecure and had already opened CVE's #28

What we should do so AWS put their shit together and release software in a timely manner?

dl748 commented 2 years ago

While I can't condone the wording, I definitely understand the frustration. Hell, I'm frustrated.

As for constructive criticism.

I almost feel that when they offered layers, updating runtimes became a secondary backburner.

Unfortunately, rolling your own marks against you in the 250 meg max limitation. Where base images did not count.

And it amazes me that AWS is touted as the automation king for services, doesn't have this automated in such a way that it just spits something out a week after release with only intervention when there is an error.

Negan1911 commented 2 years ago

If you told me that these people are running an OSS is totally understandable, but these people offer a bunch of services; once you got vendor-locked, they kindly forget that you basically exist.

They didn't produced a concrete answer after a full year of that release, I remember with node 12 was the same.

People are trusting their companies to AWS and they can't release software in a timely manner, we're not even talking about days but a full blown year.

One thing is if they were having troubles or something, but they're deliberately ignoring theirs customers

I almost feel that when they offered layers, updating runtimes became a secondary backburner.

Yeah but theirs solution is "serverless", I shouldn't be worrying about layers and base images unless I really want to. Even more, Layers are not supported on Lambda@Edge (which we use for Cloudfront), adds some cold start time and are a burden to maintain

dl748 commented 2 years ago

Yeah I believe Node 12 was released last February. But I agree, I mean I keep hearing how much money they are pulling in from AWS on the News all the time.

Personally, I'd like them to open up the source on the branches they've created here so people can submit new ones. Similar to how you can contribute to the SDKs. I'm not sure why its not done here.

jaikanthjay46 commented 2 years ago

The base image has 34 critical vulnerabilities published several months ago, but the latest base image was published like 3 days ago without patching them. @carlzogh @krk Can you look into it ?