Comment on Do you rebuild your container images yourself?
HotDog7@feddit.online 1 day ago
I don’t know enough about code to verify things myself. And I assume this applies for a lot of us here. So I just pray that nothing’s fucked in the distribution chain.
fizzle@quokk.au 18 hours ago
I’m also in this category, but OP is talking about something else.
Like if you use container-x, which has an alpine base. If it hasn’t released a new version in several years then you’re using a several year old alpine distro.
I didn’t really realise this was a thing.
HotDog7@feddit.online 16 hours ago
Ah, I have no idea what that is. I thought OP meant building stuff directly from Github (e.g. Ungoogled Chromium). Thanks for the clarification! :)
fizzle@quokk.au 16 hours ago
Containers have layers. So if you create an instance of a syncthing container whoever built that container would have started with some other container. Alpine linux is a very popular base layer, just used as an example in this discussion.
When you download an image, all the layers underlying the application that you actually wanted, will only be as fresh as the last time the maintainer built that image. So if there were a bug in the alpine base, that might have been fixed in alpine, but wouldn’t by pushed through to whatever you downloaded.