I only use docker images supplied by the devs themselves or community maintained (e.g. Linux server.io) so they essentially tell docker what needs to be installed in the container, not me. It takes the hassle out of trying to figure out what I need to do to get the service running. If they update their app, they’ll probably know best what else needs to be updated and will do that in the image. I guess you are relying on them to keep everything updated but they are way more knowledgeable than me and if there is a vulnerability, it is only in that container and not your other services.
Comment on Docker - what use is it?
clay_pidgin@sh.itjust.works 8 months agoHow does the container know what’s safe to update? Nextcloud (in this example) may need to stay on a specific version of some package and updating everything would break it.
brewery@lemmy.world 8 months ago
atzanteol@sh.itjust.works 8 months ago
The Dockerfile used to build the container controls what is in the container. It’s “infrastructure as code”-like. You create a script that builds the environment the application needs.
If you need a newer version of PHP you update the Dockerfile to include the new version. Then you publish the new container.