item 21845628

rgoldfinger | 6 years ago
The same could be said for any use of docker images. Seems a little unfair to single out GitHub.

reilly3000|6 years ago
That's definitely true, but given the sensitivity of having access to private source and secrets I think it's fair to call out a warning.

ericlewis|6 years ago
Couldn't a malicious docker image also be tooled to dump all of that stuff to an external destination?

ZitchDog|6 years ago
Totally agreed. However, when do we stop making this mistake? I think it's worth a callout when a large organization designs a dependency management system with such an obvious flaw on the "happy path".

mleonhard|6 years ago
It should be possible to import specific docker image versions into a private repository and use them for production.
With GitLab.com:
https://docs.gitlab.com/ee/user/packages/container_registry/
https://docs.gitlab.com/ee/ci/docker/README.html