koblas | 3 years ago

I cannot emphasize how true this is. The classic UNIX problem was that the LPT printer daemon has an issue (it had lots and lots). But, none of your systems were running LPT, but you still had to patch 1000+s of systems just to maintain a security policy.

What's different between full-on UNIX systems and Docker is the possibility of deploying code based on scratch images. Imagine a system which only had the pieces necessary to run in production; your security exception reports would go to zero.

goalieca | 3 years ago

It’s almost free to rebuild and redeploy from a Dockerfile if you have a good devops culture. This would replace the traditional unattended upgrader with scheduled reboots.