Work on 1.14.5 with debian:bullseye-slim #20
(needs a rebase after #6)
af7227a to e71ab29
What would be the good strategy to adopt? That's the question. Old software will have known vulnerabilities, it's a matter of time to have vulnerable versions published. Also, people may need previous version for some reasons, it can be something to deal with too. I was looking at the strategy of They are:
The solution may be to publish all 1.14 releases, having 1.14.5 pointing to
Agree. Just, if we haven't published a vulnerable software yet and there is a patched alternative, we shouldn't.
This. And with We need to define a QC gate for However, what I'm saying is: if we haven't released 1.21.0 and 1.21.1 solves a CVE, then we should not release 1.21.0 after the fact.
e71ab29 to cff60db
All right.
98d5821 to fc9bbd0
We have a functional Dockerfile :)
ACK. was weird when building concurrently using buildx build --platform=, ubuntu uses linux/686 as shorthand for i386 whereas debian uses linux/386. the more you know heh..
https://hub.docker.com/repository/docker/xanimo/1.14.5-dogecoin
fc9bbd0 to bb1f59b
Got conflicted with #19 - rebased, now it's okay again.
Uses latest stable Debian slim and latest Dogecoin Core.
As 1.14.4 has linux CVEs that got fixed in 1.14.5, and this has not yet been released, remove the entire 1.14.4 tree.
We should not ever knowingly publish vulnerable software.