Docker Hub security dissed, dodgy container image data damned

At DockerCon in San Francisco on Wednesday, CEO Steve Singh highlighted security as one of Docker's core principles. Only a day earlier, Germany-based security software development shop Kromtech suggested security wasn't a priority for the code containerizer. Over the past twelve months, Kromtech explained in a blog post, …

  1. Tom 38

    For instance, if you want to build a python -manylinux wheel (a binary package that will work on, wait for it, many versions of linux), the current specifications say you need to do it on a CentOS 5 image.

    There's lots of shit like that out there.

  2. Anonymous Coward

    Quality journalism! Kromtech’s butt hurt :)

  3. Anonymous Coward

    Docker container security

    Early on, I complained about the lack of cryptographically-signed Docker images and brought up the inherent problems of letting random people publicly post executable code (images) whenever they want, on the GitHub repo issues, and was met with a brush-off with “edge-cases” and a vague decision-by-committee deferment. These are the sort of developers who chmod 777 and don’t understand the need for SELinux. I’ve concluded CoreOS and rkt are better solutions on the stack side, and that it’s stupid to use public containers in anything real... always build your own container base images from known-good, gpg-verified media/repos. Then and only then can you be sure this “easy sharing” BS isn’t dragging along noob mistakes/fragility or malware. Never get lazy by depending on random heaps of layered amateurism.
