Comment on BentoPDF Docker Situation Update
ikidd@lemmy.world 2 days ago
That’s a real bitch if you’re running watchtower and have the latest tag set. If you aren’t watching this drama, it’s an easy pwn for whoever took it over.
Docker Hub needs to get their shit together.
TacoSocks@infosec.pub 2 days ago
That’s an interesting point, I’m kind of surprised if docker images don’t have any measures to prevent malicious takeovers.
Mora@pawb.social 2 days ago
Not sure what Docker Hub has, but as a sys admin you can pin to a specific SHA-256, so that specific image can’t be taken over. However, that conflicts with the idea of just running Watchtower.
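
The pinning discussed in this thread, as an added example that was not posted by any commenter: a small audit that reads a Compose file and reports which image references are pinned by SHA-256 digest and which rely on a tag (including the implicit `latest`) that an auto-updater such as Watchtower would follow. The Compose content, image names and digest are constructed for illustration.

```python
import re

# Constructed sample Compose file (image names and digest are made up).
SAMPLE_COMPOSE = """\
services:
  pdf:
    image: example/pdf-tool:latest
  proxy:
    image: "registry.example.com:5000/team/proxy"
  db:
    image: example/db:16.2
  cache:
    image: example/cache:7@sha256:%s
""" % ("ab" * 32)

DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
IMAGE_LINE_RE = re.compile(r"^\s*image:\s*['\"]?([^'\"\s#]+)")


def classify(ref):
    """Return 'pinned', 'latest', 'mutable-tag' or 'invalid-digest'."""
    if DIGEST_RE.search(ref):
        return "pinned"  # content-addressed: re-pushing the tag cannot change it
    if "@" in ref:
        return "invalid-digest"  # has a digest part, but not a full sha256
    # A tag is a ':' in the last path component; an earlier ':' is a registry port.
    last = ref.rsplit("/", 1)[-1]
    tag = last.split(":", 1)[1] if ":" in last else "latest"  # Docker's default tag
    return "latest" if tag == "latest" else "mutable-tag"


def audit(compose_text):
    """Map each image reference found in a Compose file to its classification."""
    result = {}
    for line in compose_text.splitlines():
        m = IMAGE_LINE_RE.match(line)
        if m:
            result[m.group(1)] = classify(m.group(1))
    return result


if __name__ == "__main__":
    for ref, status in audit(SAMPLE_COMPOSE).items():
        print(f"{status:14} {ref}")
```

Anything not reported as `pinned` resolves to whatever the registry currently serves for that tag, so it changes if the repository owner or the tag's content changes.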