
Using an abandoned image that nobody cares to update carries its own set of problems (e.g. security).


As I said, if it's not exposed to the outside world and doesn't work with untrusted data, that claim is not entirely valid.

Imagine something like this getting abandoned, or someone running a year old version of it: https://github.com/crazy-max/swarm-cronjob/blob/master/READM...

Its only job is to run containers on a particular schedule, no more, no less. There are very few attack vectors for something like that, considering that it doesn't talk to the outside world, nor does it process any user input data.

Then again, it's not my job to pass judgement on situations like that, merely acknowledge that they exist and therefore the consequences of those suddenly breaking cannot be ignored.


If you depend on it, you should keep a local copy around that you can host if needed.

Things get abandoned all the time. When you make them part of your stack, you now are forever indebted to keeping them alive yourself until the point in which you free yourself from that burden.



