Open matthewvalimaki opened 8 years ago
Good idea! Where do you see we'll add this? At the top of the first `RUN` statement?
@smebberson the first `RUN` sounds like the right place to me. On all images, of course.
On Apr 10, 2016 7:34 PM, "Scott Mebberson" notifications@github.com wrote:
> Good idea! Where do you see we'll add this? At the top of the first RUN statement?
@matthewvalimaki, damn, I missed this in my recent updates. I should have added it in while I was there. Do you think a minor or patch release is okay for this addition?
@smebberson I think it's fine if you just push `apk --update upgrade` to master and they'll be in images whenever you just make a new release.
@matthewvalimaki, I've made a bunch of progress on this. All of the new images have this, you can see the CHANGELOG for notes accordingly. I'll keep this open for now.
I recommend `apk upgrade --update` to be executed on every image. For example, `libcrypto`, `libssl` and `bind` are out of date. While security is the responsibility of the user, providing the latest (at the time of build at least) would be good practice.
Also vaguely related: "Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers." https://github.com/coreos/clair/issues/12
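One way to enforce the proposal across every image, as an added example that is not part of this thread or of the docker-alpine repository: a shell check that the first `RUN` instruction of each Dockerfile runs `apk upgrade`. The function names and the sample Dockerfiles are hypothetical.

```shell
#!/bin/sh
# Print the first RUN instruction, joining backslash continuations and
# dropping comment lines inside it (Docker ignores those too).
first_run() {
    awk '
        !in_run && toupper($1) == "RUN" { in_run = 1 }
        in_run && /^[ \t]*#/ { next }
        in_run {
            line = $0
            more = (line ~ /\\[ \t]*$/)
            sub(/\\[ \t]*$/, "", line)
            printf "%s ", line
            if (!more) exit
        }
    ' "$1"
}

# Exit 0 when that instruction runs "apk upgrade", with apk options
# allowed on either side of the subcommand (both spellings from the thread).
first_run_upgrades() {
    first_run "$1" |
        grep -Eq '(^|[[:space:];&|])apk([[:space:]]+-[^[:space:]]+)*[[:space:]]+upgrade([[:space:];&|]|$)'
}

# List every Dockerfile under a directory whose first RUN lacks the upgrade.
# Exit status is 1 if any were found, so it can gate a CI job.
audit_tree() {
    missing=$(find "$1" -type f -name Dockerfile | sort | while IFS= read -r f; do
        first_run_upgrades "$f" || printf '%s\n' "$f"
    done)
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
}

# Constructed sample tree (hypothetical image names): one image that
# upgrades in its first RUN, one that only upgrades in a later layer.
write_samples() {
    mkdir -p "$1/good" "$1/stale"
    printf 'FROM alpine\nRUN apk --update upgrade && \\\n    apk add bind\n' > "$1/good/Dockerfile"
    printf 'FROM alpine\nRUN apk add --update bind\nRUN apk upgrade\n' > "$1/stale/Dockerfile"
}

# With a directory argument, audit it; with none, only define the functions.
[ "$#" -eq 0 ] || audit_tree "$1"
```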