- cross-posted to:
- programmerhumor@lemmy.ml
- cross-posted to:
- programmerhumor@lemmy.ml
You must log in or register to comment.
They worry about someone replacing the docker image on the hosting server with a malicious modified version for people to pull down during updates.
This worry exists for literally every 3rd party dependency, not just docker, and is addressed the same way - by running tests and vulnerability scans in a sandboxed test environment before shipping to prod
I was just answering a question. I had the same response above.
And I was just adding extra details
