Le primidi 21 brumaire, an CCXXV, Eduardo M KALINOWSKI a écrit : > docker does not work as you describe (and I know of nothing that does > anything close to your idea), but it does suit some of the uses you > mentioned (the ones quoted). If I understand correctly how Docker works, its images are big blobs that contain the program they are meant to distribute plus all its dependencies. Am I mistaken? If it works like that, that means when the next OpenSSL security issue is found, we have to cross our fingers very tightly and hope whoever released the image will release an update with a fixed library. With what I have in mind, unless the maintainer of the third-party repository did something very wrong, its packages will be dynamically linked with OpenSSL from the base system, and benefit from the updates immediately. It makes a big difference: in one case, you have to trust the third party to do a good job and continue that way in the future, on the other case you only have to trust it to do a not-bad job once. Personally, I would rather unpack a dynamically-linked binary somewhere in /opt and install the dependencies myself than use a package system with bundled libraries. Or, of course, install from source. Regards, -- Nicolas George
Attachment:
signature.asc
Description: Digital signature