Closed AkihiroSuda closed 1 year ago
Wolfi might not be an option, as they seem to require an enterprise license for pulling old ~images~ tags: https://github.com/chainguard-images/images/tree/main/images/wolfi-base
View Image Catalog for a full list of available tags. Contact Chainguard for enterprise support, SLAs, and access to older tags.
Looks like old digests seem still available for free, though https://www.chainguard.dev/unchained/important-updates-for-chainguard-images-public-catalog-users
Images pulled by digest (that is, @sha256:...) will be available without logging in, but will not receive any updates or security fixes.
Wolfi might not be an option, as they seem to require an enterprise license
This is strictly about the enterprise Chainguard Images product, which is built on Wolfi, but is not Wolfi itself.
This seems fine for us:
Reproducible builds is hard with Alpine, as Alpine does not keep old packages: https://gitlab.alpinelinux.org/alpine/abuild/-/issues/9996
Debian, Ubuntu, and Wolfi are more suitable for reproducible builds, as they keep old packages:
Wolfi currently does not support armv7, s390x, ppc64le, and riscv64 though: