| ▲ | bluGill 2 hours ago | ||||||||||||||||
You are screwed either way. If you don't update your container has a ton of known security issues, if you do the container is not reproducable. reproducable is neat with some useful security benefits, but it is something a non goal if the container is more than a month old - day might even be a better max age. | |||||||||||||||||
| ▲ | tosti 22 minutes ago | parent | next [-] | ||||||||||||||||
Why is there a need for a package manager inside a container at all? Aren't they supposed to be minimal? Build your container/vm image elsewhere and deploy updates as entirely new images or snapshots or whatever you want. Personally I prefer buildroot and consider VM as another target for embedded o/s images. | |||||||||||||||||
| ▲ | dev_l1x_be 2 hours ago | parent | prev [-] | ||||||||||||||||
I update my docker containers regularly but doing it in a reproducible, auditable, predictable way | |||||||||||||||||
| |||||||||||||||||