Comment by pydry

6 years ago

> "You should rebuild images every 6 mo anyway!" - have you ever worked with an enterprise company? They do not upgrade like we do.

No, but they've got cash and are not price sensitive. Wringing money out of them helps keep it cheap and/or free for everyone else.

Enterprise customers might as well fork over cash to docker rather than *shudder* Oracle.

Companies might base their image on another image in the docker registry. That image might be good now, might be good in two years, but what if I want to pull a, say, .NET Core 1.1 docker image in four years?

Now, .NET Core 1.1 might not be the best example, but I'm sure you can think of some example.

  • If you anticipate needing that image around in 4 years for a critical business case, you can either pull it once every 6 months from here on out, download the image and store it somewhere yourself, or make a fully reproducible Dockerfile for it so the image can be re-created later if it disappears from the registry.

Enterprises upgrade on a slower schedule, yes, but they still patch as quickly as everybody else.

Can you patch a docker image? Sort of, but it's easier to rebuild. And that's what they do.

  • > Enterprises upgrade on a slower schedule, yes, but they still patch as quickly as everybody else.

    Hahahahahahaaaa!! No. Not in my experience.

    • Depends on the situation. Web-facing banking app that has ongoing PCI, SOX, and other scanning and monitoring by third party partners and customers? Patched quickly.

      Internally facing app that is AJAX glue over a legacy green screen app that is "only reachable from the internal network"? Probably not going to get patched until something breaks.

    • > No. Not in my experience.

      Then your experience comes from somewhere with little concern for security.