Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

...and you'd have to do that for every single security update for every single service that you run. If you need that level of security that might be appropriate, but most users need security patches more than they need to be concerned with a novel attack that requires DockerHub to intend to RCE them.


While the track record of security in the industry is pretty laughable, I do like to delude myself that things are improving.

How many RCEs are discovered per year in baseline Debian/Ubuntu? Seems far more likely that security holes are in the library/application code layered on-top of an image.


> novel attack

Harmful code pushed into large software repositories masquerade as something else is not novel and is starting to happen more and more.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: