Work on 1.14.5 with debian:bullseye-slim #20

Merged
merged 2 commits into from
Dec 4, 2021


patricklodder
Member

Uses latest stable Debian slim and latest Dogecoin Core.

As 1.14.4 has Linux CVEs that got fixed in 1.14.5, and this has not yet been released, remove the entire 1.14.4 tree.

We should not ever knowingly publish vulnerable software.

@patricklodder patricklodder added the enhancement New feature or request label Nov 29, 2021
@patricklodder
Member Author

(needs a rebase after #6)

@AbcSxyZ
Contributor

AbcSxyZ commented Nov 30, 2021

What would be a good strategy to adopt? That's the question.

Old software will have known vulnerabilities, it's a matter of time to have vulnerable versions published. Also, people may need a previous version for some reason, it can be something to deal with too.

I was looking at the strategy of postgres images, you can see their GitHub history for a specific version (10 here) and corresponding tags on Docker Hub.

They are:

  • Updating GitHub folder of a version with the latest minor release.
  • Leaving tags for each minor release on Docker Hub, having all versions available for download

The solution may be to publish all 1.14 releases, having 1.14.5 pointing to dogecoin:1.14.5, dogecoin:1.14, dogecoin:latest? Then the same for 1.21? It depends on the version strategy of Dogecoin Core. I'm not clear about what it actually is and how it works in relation to Bitcoin.

@patricklodder
Member Author

> Old software will have known vulnerabilities, it's a matter of time to have vulnerable versions published.

Agree. Just, if we haven't published a vulnerable software yet and there is a patched alternative, we shouldn't.

> having 1.14.5 pointing to dogecoin:1.14.5, dogecoin:1.14, dogecoin:latest

This. And with 1.21 you'll have dogecoin:1.21.0, dogecoin:1.21 and then that will be dogecoin:latest.

We need to define a QC gate for :latest and :<major>, which is going to be some more discussion.

However, what I'm saying is: if we haven't released 1.21.0 and 1.21.1 solves a CVE, then we should not release 1.21.0 after the fact.

@AbcSxyZ
Contributor

AbcSxyZ commented Nov 30, 2021

> if we haven't released 1.21.0 and 1.21.1 solves a CVE, then we should not release 1.21.0 after the fact.

All right.
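
The tagging and release-gating rule agreed in the comments above, as an added example that is not part of the original thread or the project's own tooling. The function names, the `cve_fixes` input and the sample version sets are assumptions made for illustration, and the floating tags simply follow the highest version because the QC gate mentioned above is not defined on this page.

```python
def parse(version):
    """'1.14.5' -> (1, 14, 5), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def series(version):
    """'1.14.5' -> '1.14', the floating series tag."""
    return ".".join(version.split(".")[:2])


def plan_tags(releases, published, cve_fixes):
    """Return {version: [tags]} for every image that should exist on the registry.

    releases  : all upstream versions (hypothetical input)
    published : versions already pushed; these stay available, as in the postgres model
    cve_fixes : versions known to fix a CVE in earlier releases of their series
    """
    plan = {}
    for v in sorted(releases, key=parse):
        patched_alternative = any(
            series(f) == series(v) and parse(f) > parse(v) for f in cve_fixes
        )
        if v not in published and patched_alternative:
            continue  # never published and a fixed release exists: do not publish
        plan[v] = [v]
    # Floating tags: the series tag follows the highest version of each series.
    newest = {}
    for v in plan:  # plan was filled in ascending version order
        newest[series(v)] = v
    for s, v in newest.items():
        plan[v].append(s)
    if plan:
        plan[max(plan, key=parse)].append("latest")
    return plan


if __name__ == "__main__":
    # Constructed sample mirroring the 1.21.0 / 1.21.1 case from the discussion.
    sample = plan_tags(
        releases=["1.14.5", "1.21.0", "1.21.1"],
        published={"1.14.5"},
        cve_fixes={"1.21.1"},
    )
    for version, tags in sample.items():
        print(version, "->", ", ".join("dogecoin:" + t for t in tags))
```
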

@patricklodder patricklodder force-pushed the feat/1.14.5 branch 2 times, most recently from 98d5821 to fc9bbd0 Compare December 3, 2021 20:49
@patricklodder patricklodder marked this pull request as ready for review December 3, 2021 20:49
@patricklodder patricklodder requested a review from a team December 3, 2021 20:49
AbcSxyZ
AbcSxyZ previously approved these changes Dec 3, 2021
@AbcSxyZ
Contributor

AbcSxyZ commented Dec 3, 2021

We have a functional Dockerfile :)

xanimo
xanimo previously approved these changes Dec 4, 2021
Member

@xanimo xanimo left a comment

ACK. Was weird when building concurrently using buildx build --platform=, Ubuntu uses linux/686 as shorthand for i386 whereas Debian uses linux/386. The more you know heh..
https://hub.docker.com/repository/docker/xanimo/1.14.5-dogecoin

@patricklodder
Member Author

Got conflicted with #19 - rebased, now it's okay again.

Member

@xanimo xanimo left a comment

@xanimo xanimo merged commit daf10a7 into dogecoin:main Dec 4, 2021
3 participants