Comments (5)
No worries about the wrong place. We actually stopped doing minor point releases, because people largely don't update. People were building containers that came with heartbleed and other vulnerabilities pre-installed by default because they wouldn't update.
The only variance introduced would largely be security and bugfix updates, which people should be doing anyway. If you can provide a convincing argument for minor releases, I'm certainly willing to reconsider. My current stance is that I don't want to enable people to be actively insecure in their containers.
from sig-cloud-instance-images.
That all makes sense and I agree with all of your points. Let me revisit this when I've run into an issue instead of a hypothetical issue.
How frequently would the centos6 image change? Just with security updates?
from sig-cloud-instance-images.
We respin the images monthly, usually around the 2nd-3rd of the month, so that it's a scheduled/regular thing people can know to expect. If there's a security issue that gets a name (heartbleed, shellshock, etc) obviously those are a bit more critical and warrant an update outside the normal schedule.
from sig-cloud-instance-images.
We had this break an image build that was using centos:centos6
when it went from 6.5 to 6.6. The application we are running within the image is picky about what version of the OS is running (needs to be set in a config file)
It makes sense to have the :latest
and major version tags be up to the latest release for security. Generally these are what are going to be used.
I still think that minor versions should be available.
That is part of the benefit of Docker and immutable infrastructure, to be able to pin to a certain version of the software. We can patch our own images for known vulnerabilities if we are using these versions.
from sig-cloud-instance-images.
docker-library/official-images#384 Adds support for minor releases (6.6, 5.11, and 7.0.1406) along with short-name support (centos:6 vs centos:centos6). It should be in the index soon.
from sig-cloud-instance-images.
Related Issues (20)
- Centos:7 image contains old kernel with security vulnerabilities HOT 2
- Linux Permission Issue
- CentOS-8-Stream docker file needs update
- centos7.8.2003 arm64 build
- When will CentOS 8.4.2105 be available on dockerhub? HOT 2
- will there a new centos 7 image with the security issues fixed? HOT 1
- remove ethtool
- When will CentOS 8.5.2111 be available on quay.io? HOT 4
- all cmake make
- centos 8 repo mirrorlists are deprecated HOT 12
- CentOS 7: vault.centos.org now has HSTS enabled, but default repo config uses `http` HOT 1
- Suggestion: Update the CentOS source IP address to the latest version
- centos 7 image vulnerabilities
- Build CentOS image with ssh enabled. FAILED! HOT 1
- How to upgrade the kernel of centos7 in a container
- `GLIBC_2.29` not found
- [Feature Request] yum install OpenSSL3 HOT 1
- Support for CentOS 9 docker image HOT 1
- I can't update the Centos7 image
- Found a bug in libm.so.6 in centos7.9.2009 image
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sig-cloud-instance-images.