You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In your dockerhub account are multiple image repositories that are over a year old and suffer from multiple security issues.
Some of them have over 500k downloads and are still in use. Please remove them.
@hashworks removing them will cause many builds over many places to fails, as they won't be able to download it. So IMO adoptium should never remove any valid image from dockerhub.
Imagine that you have dockerfile using one of those for 5 years and suddently it stops working, I guess you won't be happy as it will force you to search mirror or to do ad-hoc migrations (which can not be an easy one)
On my end I only noticed that people use those old images because builds where failing when the outdated libraries where unable to connect to our TLS endpoints.
Failing builds may be the only thing that causes people to use updated images instead of the same one for five years. What is better, a failed build that can be fixed in no time or run into security issues or bugs caused by an unmaintained image? I see no other way to reach out to those people than to remove them.
If you really want to keep those images you have to maintain them (add security patches and the like) IMHO.
In your dockerhub account are multiple image repositories that are over a year old and suffer from multiple security issues.
Some of them have over 500k downloads and are still in use. Please remove them.
The text was updated successfully, but these errors were encountered: