Official Docker images and security updates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hello,

 It seems the official Docker images are missing some important
security updates [1][2]. Does anyone have any insight in how these
packages get built and when?

 Their Dockerfile seems to come from here:
https://github.com/docker-library/official-images/blob/master/library/centos
(commit for "latest" says "update CentOS-7 - 20160331 - monthly
build").

 In the official Docker documentation [2] they suggest not running
`apt-get upgrade` which I understood as don't run `yum -y upgrade` for
CentOS. Any advice on whether it's best practice to always update
packages or not?

Thank you,
Giovanni

1 - http://pastie.org/pastes/10833370/text
2 - https://blog.docker.com/2016/05/docker-security-scanning/
3 - https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux