BN docker image version from github #507

Closed
BeroBurny opened this issue Feb 24, 2021 · 3 comments

@BeroBurny (Collaborator)

At the current state, we use the docker image version from env.
We want to change it to pull the image version from this repository, to simplify updating versions of images if there are no breaking changes for the chain guardian.

BeroBurny added the enhancement (New feature or request) label Feb 24, 2021
BeroBurny self-assigned this Mar 9, 2021

@mpetrunic (Member) commented Mar 10, 2021

To clarify this issue:

Current proposed solution is not really nice as it requires us to keep updating the version as new updates come in (hard to keep up-to-date because of timezones). It also allows us (or an attacker) to merge a change to master which could swap the lighthouse docker image with some malware to steal keys.

@BeroBurny (Collaborator, Author)

> It also allows us (or an attacker) to merge a change to master which could swap the lighthouse docker image with some malware to steal keys.

us 😓 in that case, any solution is doomed

> Current proposed solution is not really nice as it requires us to keep updating the version as new updates come in (hard to keep up-to-date because of timezones)

and we are gonna need to update the recommended version in the same way; we cannot run away from this (it will be possible only when everything becomes standardized)

just want to avoid this, as one can get confused among 10 different versions: what is best? for some newbie probably the newest, in spite of recommendations, as everyone recommends using the newest

probably the best will be some double mixed mega overkill 🗡️ solution 😄

@mpetrunic (Member) commented Mar 10, 2021

> It also allows us (or an attacker) to merge a change to master which could swap the lighthouse docker image with some malware to steal keys.

> us in that case, any solution is doomed

It's quite different to pull from master of our repo and to receive something in binary.

> and we are gonna need to update the recommended version in the same way; we cannot run away from this (it will be possible only when everything becomes standardized)

If there is a critical vulnerability, users can choose a newer version immediately when it is released by client teams (those things rarely cause a breaking change). As for regular versions, we will have plenty of time to update the recommended version and release a new binary.

Consider there is some critical vulnerability that people discover while we are at work: we have to wait for the client team in Australia to release a fix, which would happen at night, so ~24 hours would pass before a user can bump the version.

> just want to avoid this, as one can get confused among 10 different versions: what is best? for some newbie probably the newest, in spite of recommendations, as everyone recommends using the newest

Should be ordered, with our recommended version highlighted and with a (recommended) suffix.
