Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Always upgrade packages #39

Open
matthewvalimaki opened this issue Apr 8, 2016 · 5 comments
Open

Always upgrade packages #39

matthewvalimaki opened this issue Apr 8, 2016 · 5 comments

Comments

@matthewvalimaki
Copy link
Contributor

I recommend apk upgrade --update to be executed on every image. For example libcrypto, libssl and bind are out of date. While security is responsibility of user providing latest (at the time of build at least) would be good practice.

Also vaguely related: "Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers." quay/clair#12.

@smebberson
Copy link
Owner

Good idea! Where do you see we'll add this? At the top of the first RUN statement?

@matthewvalimaki
Copy link
Contributor Author

@smebberson first run sounds right place to me. On all images of course.
On Apr 10, 2016 7:34 PM, "Scott Mebberson" notifications@github.com wrote:

Good idea! Where do you see we'll add this? At the top of the first RUN
statement?


You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub
#39 (comment)

@smebberson
Copy link
Owner

@matthewvalimaki, damn, I missed this in my recent updates. I should have added it in while I was there. Do you think a minor or patch release is okay for this addition?

@matthewvalimaki
Copy link
Contributor Author

@smebberson I think it's fine if you just push apk --update upgrade to master and they'll be in images whenever you just make a new release.

@smebberson
Copy link
Owner

@matthewvalimaki, I've made a bunch of progress on this. All of the new images have this, you can see the CHANGELOG for notes accordingly. I'll keep this open for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants