dlandon / zoneminder.machine.learning

Zoneminder Docker
GNU General Public License v2.0

Containers are atomic #200

Closed tstivers1990 closed 3 years ago

tstivers1990 commented 3 years ago

This means containers should not install updates when starting. Or ever.

This is not how containers are supposed to be used, and leads to problems. Not to mention a slow startup time because the updates aren't persisted when the container restarts, and the updates run all over again when the container starts. Every. Single. Time.

If security updates should be applied to the container, then a new container should be built and published to the docker hub, so that users can update to the latest version of the container. This is how containers are intended to be used. Not like a VM where data is expected to be persisted across reboots.

dlandon commented 3 years ago

Since Zoneminder is potentially exposed to the Internet, security updates are applied when the container is started as needed. This is done because people will never update a container and will then blame me for not applying updates after they get hacked. It's the world we live in.

Updates ARE persistent across reboots. Only new security updates are applied, unless you remove and reinstall the container.

I do not have the time (and no one has offered to subsidize the effort) to stay updated on security issues and publish new containers.

If you don't like the way this container works, go find another one or fork this one and do it your way. Just be prepared to spend a lot of time on support if you offer it to other folks.

tstivers1990 commented 3 years ago

> Since Zoneminder is potentially exposed to the Internet, security updates are applied when the container is started as needed. This is done because people will never update a container and will then blame me for not applying updates after they get hacked. It's the world we live in.

This is not a valid justification for using containers in a way they were not intended to be used. Containers are atomic. If you want to apply security updates to a container, you build a new image, push the new image, the users pull the new image with the security updates applied, and install it. This is not your problem to solve. You are not responsible for people failing to keep their systems up to date. And this is not a valid justification for using containers in a way they weren't intended to be used.

> Updates ARE persistent across reboots. Only new security updates are applied, unless you remove and reinstall the container.

And how are these updates persisted across reboots? The container's storage is atomic. When you reboot, the container loads whatever is in the image. The only things that persist are the volumes. And there's no way to run a volume that keeps updates.

Part of the reason you don't have the time is because you're doing things in an ass backwards way that doesn't make sense for the tools you're using. You're trying to use a hammer like you would use a screwdriver.

tstivers1990 commented 3 years ago

The way you are using containers is probably the source of a lot of bugs within the container. Specifically, the MySQL bug that persists months later after being reported. Because when you update MySQL, it probably does something stupid due to the update scripts, that you wouldn't normally expect in a container where you're using a volume to persist the MySQL database.

tstivers1990 commented 3 years ago

On the topic of money: You tell me who is going to pay someone to do things in the most ass backwards way possible.

dlandon commented 3 years ago

Feel free to fork it and do it your way. You are obviously much smarter than I am.

alexyao2015 commented 2 years ago

@tstivers1990 https://github.com/zoneminder-containers/zoneminder-base

tstivers1990 commented 2 years ago

> @tstivers1990 https://github.com/zoneminder-containers/zoneminder-base

What about it?

sgofferj commented 2 years ago

@tstivers1990 Even if you are right with regards to the facts, I don't think there is any justification to be that abrasive. @dlandon has spent a lot of time to make zoneminder available as a container. He didn't ask anything for it in return. If you don't like his way to do it (which also frustrated me a few times in the past), don't use his images. If you think you can do it better, do it better. But being abrasive doesn't serve any purpose other than creating a negative atmosphere.
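The persistence question argued in this thread turns on the container's writable layer, which is kept across a stop/start of the same container and discarded when the container is removed and re-created from the image. As an added example (not from the thread or the project), this sketch classifies `docker diff <container>` output to flag a running container whose packages no longer match its image; the sample lines, path lists and function names are constructed assumptions for a Debian/Ubuntu-based image.

```python
from collections import Counter

# Assumed apt/dpkg bookkeeping paths on a Debian/Ubuntu-based image.
PKG_PATHS = ("/var/lib/dpkg", "/var/lib/apt", "/var/cache/apt",
             "/var/log/apt", "/var/log/dpkg.log")
# Assumed locations of packaged binaries and libraries.
CODE_PATHS = ("/usr/bin", "/usr/sbin", "/usr/lib", "/bin", "/sbin", "/lib")
KINDS = {"A", "C", "D"}  # docker diff markers: Added, Changed, Deleted

def parse_diff(text):
    """Yield (kind, path) from `docker diff` lines such as 'C /var/lib/dpkg'."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, path = line.partition(" ")
        if kind not in KINDS or not path.startswith("/"):
            raise ValueError(f"unrecognised docker diff line: {line!r}")
        yield kind, path

def under(path, prefixes):
    """True if path equals a prefix or lies below it."""
    return any(path == p or path.startswith(p + "/") for p in prefixes)

def classify(text):
    """Count writable-layer changes per category."""
    counts = Counter()
    for _kind, path in parse_diff(text):
        if under(path, PKG_PATHS):
            counts["package_db"] += 1
        elif under(path, CODE_PATHS):
            counts["code"] += 1
        else:
            counts["other"] += 1
    return dict(counts)

def image_drifted(text):
    """Package database and packaged code both changed: packages were
    installed or upgraded inside the container after it was created."""
    c = classify(text)
    return c.get("package_db", 0) > 0 and c.get("code", 0) > 0

# Constructed sample: the layer after a start-time upgrade of one library.
UPGRADED = """C /var\nC /var/lib\nC /var/lib/dpkg\nC /var/lib/dpkg/status
C /var/log\nA /var/log/apt/history.log\nC /usr\nC /usr/lib
C /usr/lib/x86_64-linux-gnu\nC /usr/lib/x86_64-linux-gnu/libssl.so.1.1
A /run/example.pid"""
# Constructed sample: only runtime state written, no package changes.
CLEAN = "C /run\nA /run/example.pid"

if __name__ == "__main__":
    print(classify(UPGRADED), image_drifted(UPGRADED), image_drifted(CLEAN))
```

Changes flagged this way exist only in that container instance, so a vulnerability scan of the image tag does not describe what is actually running.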