Description
Hi @crazy-max,
Thank you for maintaining the Docker image!
I have concerns about the package versions of Postfix and Rspamd. Since the packages aren't updated regularly, they may remain vulnerable if no new Anonaddy version triggers a rebuild.
To enhance security, I suggest implementing a daily auto-build for the image. Anonaddy can stay at its current version, but Postfix and Rspamd should receive the latest security patches. This aligns with Docker's best practices for keeping images up-to-date: Docker Best Practices.
I know about the "Automate new docker releases" issue (#268), but my focus is specifically on regular updates for Postfix and Rspamd.
We could try to set up an automatic trigger for changes in the Alpine repositories to rebuild the image when (security) updates are available:
But I propose adding a daily cron job in the GitHub workflow to push an auto-built image tagged as `anonaddy:1.0.0-20231001`, with a daily tag as `daily`. The existing `latest` tag can remain unchanged, and I would use the `daily` tag.
Thank you for considering this! Is a daily auto-build feasible, or do you have other suggestions?
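
A sketch of the two ideas in the issue above, combined: rebuild only when Postfix or Rspamd has a pending Alpine upgrade, and tag the result with a dated tag plus `daily`. This is an added example, not part of the original post or the project's workflow; the function names (`pending_upgrades`, `image_tags`, `plan_rebuild`) and the sample package versions are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's workflow): gate a scheduled rebuild on
# pending Alpine upgrades for the packages named in the issue.

WATCHED="postfix rspamd"   # packages whose fixes should trigger a rebuild

# Constructed sample of `apk version -l '<'` output (run `apk update` first
# inside the current image); the version numbers are made up.
sample_apk_output() {
  cat <<'EOF'
Installed:                                Available:
busybox-1.36.1-r0                       < 1.36.1-r2
postfix-3.8.1-r0                        < 3.8.2-r0
EOF
}

# stdin: apk output. stdout: "name installed -> available" per watched package.
pending_upgrades() {
  awk -v watched="$WATCHED" '
    BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    $2 == "<" && NF >= 3 {
      name = $1
      sub(/-[0-9][^-]*-r[0-9]+$/, "", name)   # drop "-<version>-r<release>"
      if (name in want) print name, substr($1, length(name) + 2), "->", $3
    }'
}

# Tags from the proposal: a dated tag plus a moving "daily"; "latest" untouched.
image_tags() {   # usage: image_tags <app_version> <yyyymmdd>
  printf 'anonaddy:%s-%s\nanonaddy:daily\n' "$1" "$2"
}

# Returns 1 (skip the build) when no watched package has an upgrade pending.
plan_rebuild() {   # usage: plan_rebuild <app_version> <yyyymmdd> < apk-output
  pending=$(pending_upgrades)
  [ -n "$pending" ] || return 1
  printf 'rebuild needed: %s\n' "$pending" >&2
  image_tags "$1" "$2"
}

sample_apk_output | plan_rebuild 1.0.0 "$(date -u +%Y%m%d)"
```

In a scheduled job, the real `apk version -l '<'` output from a container started from the currently published image would replace `sample_apk_output`, and a non-zero return from `plan_rebuild` would skip the build step.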