Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

imho: always check what is upgrading - before make a decisions ..

the ubuntu:20.10 now want to upgrade the "libssl1.1"!

  docker run --rm -it ubuntu:20.10 bash -c "apt update && apt upgrade"
  ...
  The following packages will be upgraded:
   debianutils diffutils findutils gcc-10-base 
   libgcc-s1 libgnutls30 libprocps8 libssl1.1 libstdc++6
   libsystemd0 libudev1 procps sed zlib1g
the ubuntu:20.04 is better

  docker run --rm -it ubuntu:20.04 bash -c "apt update && apt upgrade"
  ...
  The following packages will be upgraded:
  gcc-10-base libgcc-s1 libstdc++6 zlib1g


One could do worse than using (more) stable distribution for their base images.

20.10 is not a LTS, so it's more likely to get semi-spurious updates than a LTS version like 20.04 or, say, debian stable.

For most of my non-alpine-based images, I use debian:buster-slim as base, as it's got a fairly stable base and gets quite routinely updated:

    $ docker run --rm -it debian:buster-slim bash -c "apt update >dev/null 2>&1 && apt upgrade"
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    Calculating upgrade... Done
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.


> I use debian:buster-slim as base

this image has been upgraded "39 hours ago".. so you have to check 1-2 month later

  debian  buster-slim    f49666103347   39 hours ago   69.2MB


That's part of my point ;) It's updated very often.

I check for base image updates every day, and it's one of the most oft-updated ones -- hence my preference for using it as "the" base of all others.


Monthly typically (and when important security updates are released): https://github.com/docker-library/official-images/pulls?q=is...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: