Hi,
On 18. Jan 2018, at 10:45, Daniel Pocock daniel@pocock.pro wrote:
The real questions:
- can you trust a container to be available in the future the same
extent that you can trust a package in a stable Linux distribution?
- can you trust upstream developers to ensure they never put anything
non-free into their container images or does somebody have time to verify the contents of those images on every update?
When you take something from an official package, it has usually been looked at by a second set of eyes already. If you cut that step out then how long is it before non-free stuff creeps in?
These are real questions. I don’t have any answers for them. To me the issue of JS in web services is separate from them, though.
Best,
Mirko.