
You probably shouldn’t be using Ubuntu base images anyways. The closer you can get to “scratch” the better, and the fewer security-related issues you’ll have. For most use cases I think Alpine is a much better base image.


That's more about trust and faith in the maintainers of the distribution (that they won't screw up).


It's about having the minimal number of system packages and libraries that your app actually needs.

Alpine is leaner so attack surface is thinner.


This. If you start adding stuff to "FROM scratch", you are creating your own obscure Linux distro. When you screw up, there are no other customers to report bugs to you, much less other maintainers to help.


You really shouldn't be adding stuff to "FROM scratch" unless you have one statically linked binary and maybe some config files or something like that. If you actually need packages, you should use something like Alpine if possible.



