Alpine Linux? * Package download without HTTPS; * Operation on archive content before signature checks; * Custom updater & tar handling code. Maybe you should use a real distribution for your base images and stop worrying about that extra 2Mo it takes on your 2To drive.https://twitter.com/tqbf/status/1040320695048302593 …
-
-
A universe of interesting things happens when you’re running hundreds of thousands of containers on one machine. Number and size of simultaneous memory mappings is a thing. Technology is different now. Welcome to the new game.
-
This is not a typical use case; I'd dare to say it borders on the pathological. We do run on the order of tens of thousands of containers, but spread across a couple of thousand nodes.
-
You want to understand why Alpine exists, you get to do some research. There is a lot of innovation happening past the typical these days. Typical systems are neither secure nor scalable. It shouldn’t surprise you a min container distribution exists. Hell, instantiation latency
-
I'm not surprised, I even see the benefit, but for our not so small use case, it borders on the irrelevant. Not worth accepting the risk of less than stellar security game.
-
Look, this bug begins and ends at not using https. The scene that doesn’t see that is the scene with the stale game.
-
It actually continues with extracting the archive before verifying the checksum.
-
No. The moment you parse a byte that didn’t come from the secure channel, you’re fucked. No exceptions. That includes the sum to check. It’s not saving you. Sorry.
-
Absolutely not. A package with a secure signature is a secure channel. You know, these days, not just using Uptane, which integrates well with package managers and solves all those problems, is something I don't understand.
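The disagreement in this conversation is about ordering: whether it is acceptable to open and operate on a downloaded archive before its integrity has been established. The following added example (not code from the thread, Alpine, apk or any real updater) contrasts the two orderings in Python. The trusted digest is assumed to come from a source the client already trusts, such as a signed index fetched over TLS; here it is simply computed from a constructed sample archive so the example runs offline.

```python
import hashlib
import hmac
import io
import tarfile

# Counts how many times untrusted bytes reached the tar parser (instrumentation for the demo).
_STATS = {"parses": 0}


def parse_count():
    """Number of archives handed to the tar parser so far."""
    return _STATS["parses"]


def build_sample_archive(files):
    """Build an in-memory tar archive from {name: bytes}. Constructed sample data."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def _parse_tar(blob):
    """The only place archive bytes are parsed; counted so the two orderings can be compared."""
    _STATS["parses"] += 1
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        return tar.getnames()


def list_members_unsafe(blob, expected_sha256):
    """Broken ordering: parse the archive first, check its digest afterwards.

    Every bug in the tar parser is reachable by whoever controlled the download,
    and the later digest check cannot undo work already done on those bytes.
    """
    names = _parse_tar(blob)  # untrusted bytes are interpreted here
    if not hmac.compare_digest(sha256_hex(blob), expected_sha256):
        raise ValueError("digest mismatch (detected only after parsing)")
    return names


def list_members_safe(blob, expected_sha256):
    """Correct ordering: authenticate the complete byte string, then parse.

    expected_sha256 is assumed to come from a trusted channel (for example a
    signed package index fetched over TLS). Until the comparison passes the
    archive is treated as an opaque blob and no parser ever sees it.
    """
    if not hmac.compare_digest(sha256_hex(blob), expected_sha256):
        raise ValueError("digest mismatch, refusing to parse archive")
    return _parse_tar(blob)


def demo():
    """Run both orderings against a genuine and a tampered archive; returns a summary dict."""
    genuine = build_sample_archive({"etc/motd": b"hello\n"})
    tampered = build_sample_archive({"etc/motd": b"not what was published\n"})
    trusted_digest = sha256_hex(genuine)  # stands in for the digest from the signed index

    result = {"safe_ok": list_members_safe(genuine, trusted_digest)}
    before = parse_count()
    for label, fn in (("safe", list_members_safe), ("unsafe", list_members_unsafe)):
        try:
            fn(tampered, trusted_digest)
            result[label + "_tampered"] = "accepted"
        except ValueError:
            result[label + "_tampered"] = "rejected"
        result[label + "_parsed_before_check"] = parse_count() - before
        before = parse_count()
    return result


if __name__ == "__main__":
    print(demo())
```

Both orderings reject the tampered archive, which is why the unsafe one looks fine in testing; the difference is that the unsafe path has already run attacker-controlled bytes through the tar parser by the time it notices. Keeping the digest (or signature) check ahead of any parsing, on the whole downloaded byte string, is the property the thread is arguing about.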
-
A distro like debian/ubuntu/rhel/sles not only has many more packages, but also many more background services. I think alpine even comes without systemd, which is a huge advantage for small containers.
-
The reality is most of our code is assuming a different deployment model than we use in 2018. We can’t quite run containers directly on executables (init etc) but we get pretty close. It’s just chroot++.
-
Chroot++ is fine for many things and LXC works fine for many things. I am a bit disappointed by the alpine problems, as I thought of it as a really nice distribution for containers.
-
Relax. Everything interesting has had horrific bugs. Few interesting things haven’t.