Trickery710
commented
1 year ago a GitHub action made it from https://snyk.io/ the main recommendation was to change the base image.
Closed Trickery710 closed 1 year ago
Trickery710
commented
1 year ago a GitHub action made it from https://snyk.io/ the main recommendation was to change the base image.
yosifkit
commented
1 year ago The base image is always up-to-date.
Background:
Tags in the [official-images] library file[s] are only built through an update to that library file or as a result of its base image being updated (ie, an image
FROM debian:busterwould be rebuilt whendebian:busteris built).
Official Images FAQ:
Though not every CVE is removed from the images, we take CVEs seriously and try to ensure that images contain the most up-to-date packages available within a reasonable time frame
Since our build system makes heavy use of Docker build cache, just rebuilding the all of the Dockerfiles won't cause any change. So we rely on periodic base image updates.
We strive to publish updated images at least monthly for Debian. We also rebuild earlier if there is a critical security need. Many Official Images are maintained by the community or their respective upstream projects, like Ubuntu, Alpine, and Oracle Linux, and are subject to their own maintenance schedule.
- from the same FAQ link
Trickery710
commented
1 year ago interesting. I appreciate the information. your docker files have been very helpful. do you want me to keep the chain up? or maybe build a separate branch. I plan on setting up more.
tianon
commented
1 year ago Whatever this is (I still don't fully understand what the purpose of these added files are), I don't think they're something we want here.
This doesn't look like an actionable PR.