Closed rit001 closed 2 years ago
christianspecht
commented
2 years ago Honestly, I don't even remember where the link to this image came from.
In the commit where I added the Docker links to the docs, I linked two issues as sources, but the Juro image isn't linked there.
As I wrote in the docs, I don't have much Docker experience. Do you think I shouldn't link images where the build script is missing?
rit001
commented
2 years ago A docker image from an individual or small business you can not build from source is problematic as many users are just going to deploy it on trust, but will never truly know what they are running on their system.
I'm in no position to make general statements regarding what you should do or not do, but I'll be focusing on the other 2 examples you have provided as the amount of work needed to validate a pre-built container is not worth the time - even if I was certain that I had the skills (which I am not). Maybe you list it with a basic warning about the lack of a published build script and a request for any details that someone may have.
A link to this docker image is provided in the docs, but I can not find any details about the docker build script that was used to make the image. Does anyone know what the build is hosted?
While I'm sure it is just an oversight by the author, not having the ability to build the container means a lot more work making sure that nothing unexpected is included in the container.