Comments (5)
I very much actively do not want to do this for several reasons, but I'm open to listening. If you can provide a good reason for doing so, I will reconsider. My reasons against it are:
- The images are very minimal. Any subsequent packages you install for an application dependency will pull from the current release (in this case 6.6). This means you would not truly have a 6.4 image anyway.
- Shipping minor releases exposes users to known vulnerabilities such as shellshock, heartbleed, and other others not well known enough to have names. We tag by the major version and update every month to ensure the containers have no known security issues.
- By the nature of minor version tags, we would not be able to provide any updates for that image that did not automatically move it to the most recent minor tagged version.
Can you outline your use case, why it needs a specific minor tag, etc?
from sig-cloud-instance-images.
Hi Jim,
I also believe the community would benefit from and appreciate having minor releases images. The most important use case is none other than having a repeatable build.
To discuss your (still valid) points:
- Prior to updating or installing packages, users may have configured yum to use local mirrors pointing to a minor release repository.
- I speak only for myself, but in some cases I would like to take my own responsibility for this. Also, sometimes you actually need a vulnerable system, if only to experiment with the vulnerability.
- The important part of the minor release is the binaries as they once were. I had an incredibly hard time finding a suitable CentOS 6.5 image because admittedly I was too stupid to have saved my copy in a proper place, and I could not use CentoOS 6.6 packages, as I needed to simulate an existing environment using local 6.5 mirrors.
In sum: I understand these use cases are not the norm, and you have reasonable motivation. I'm not even sure minor tags are the best answer; maybe there could be an official archive for old images. As davebirch mentioned, a lot of people on CentOS registry page are asking for this, so the tradeoff for CentoOS here is between forcing users onto a more suitable image and the perceived frustration from lacking a (sometimes legitimate) choice.
Could you please reconsider, or maybe help the community find an alternative for this? At least going forward from 7.0?
from sig-cloud-instance-images.
It seems there's quite an overwhelming majority support for this. With the next monthly update, I'll add a 6.6 stock image, as well as a 7.0.1406 stock image. Since this will be built just slightly after Christmas, consider it my present to the community. From that point forward, minor update images will be available for the initial release only. The 6, 7, and 'latest' tags will still continue to point to the rolling releases. Fair?
I also reserve the right to blog angrily about this!
from sig-cloud-instance-images.
From what I can imagine, going from an initial release to any minor release using local mirrors should never be a problem. Given you seem to be handling this on your own, I'd say it's more than fair.
Also, pointing latest
at the rolling release is ideal. I'm pretty sure everyone would agree with that.
Thanks for the christmas present!!!
from sig-cloud-instance-images.
docker-library/official-images#384
This commit adds short names (centos:6 vs centos:centos6) as well as minor releases. Should be in the docker index soon.
from sig-cloud-instance-images.
Related Issues (20)
- Centos:7 image contains old kernel with security vulnerabilities HOT 2
- Linux Permission Issue
- CentOS-8-Stream docker file needs update
- centos7.8.2003 arm64 build
- When will CentOS 8.4.2105 be available on dockerhub? HOT 2
- will there a new centos 7 image with the security issues fixed? HOT 1
- remove ethtool
- When will CentOS 8.5.2111 be available on quay.io? HOT 4
- all cmake make
- centos 8 repo mirrorlists are deprecated HOT 12
- CentOS 7: vault.centos.org now has HSTS enabled, but default repo config uses `http` HOT 1
- Suggestion: Update the CentOS source IP address to the latest version
- centos 7 image vulnerabilities
- Build CentOS image with ssh enabled. FAILED! HOT 1
- How to upgrade the kernel of centos7 in a container
- `GLIBC_2.29` not found
- [Feature Request] yum install OpenSSL3 HOT 1
- Support for CentOS 9 docker image HOT 1
- I can't update the Centos7 image
- Found a bug in libm.so.6 in centos7.9.2009 image
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sig-cloud-instance-images.