@jlelse@social.jlelse.me there is an image @ #dockerhub called #mozilla/syncserver, but that is inofficial. not sure who built it and what's in it...
basically, everyone could create an account with the name "mozilla" :)
and i'd never use an image by some unknown #3rdparty (like crazymax) for such #sensitive information... who knows what's in the image? and what's in there next week?
@sendung @jlelse@social.jlelse.me
hehe, #bullseye!
hard to know what you get in the end, as usual. different levels of #uncertainty
i for sure wouldn't trust the image of crazymax, unless he's a good friend. i've seen many popular accs being sold or #hijacked..
if #mozilla would be an official acc at #dockerhub, i'd probably also have sufficient #trust in that image.
but... most trustworthy is the sources and a #dockerfile from mozilla's repo. so i need to (automatically) build the image myself
@martin @jlelse
What's in it now? As it's not an automated build (and the Dockerfile is unknown), you have to vet this using the tools out there.
What's in it next week? You don't have to worry about this when using an image version SHA. Never use latest!
But yes, it mostly sucks. Better roll your own image.