On Sun, 29 Jun 2025 at 19:39, Borden <[email protected]> wrote:
> In general, https://wiki.debian.org/Docker warns that, for the images at
> https://hub.docker.com/_/debian, "you may not trust their maintainer on
> having done the right thing for you." That sounds awfully like a security
> warning. Yet Tianon and Paul Tagliamonte maintain those repos, so they should
> be perfectly safe and reliable, no?

Oof, this was definitely extremely outdated; the way the images are built has changed dramatically since that note was added more than ten years ago, so I've just removed that entire paragraph now.

> If I understand Geert's advice, the official Docker images use
> debuerreotype†, so your link to the GitHub repo would, in theory, allow me to
> roll my own containers virtually identical to the official images. As not to
> duplicate effort, I may just link the wiki/Docker page to GitHub.

Yeah, the whole goal of debuerreotype is that you could recreate not just virtually identical images, but exactly identical images. If that's something you want to do and you're not able to do so successfully, I'd consider that a bug and would welcome a filing with details so I can investigate and fix it.

†

> Tying in John's commentary, it appears mkimage.sh got moved out of docker.io.
> In fairness, I had no way of knowing that mkimage.sh referred to the mkimage
> package and not some custom script in docker.io. Based on the official
> images, debuerreotype† would be the "recommended way" to build an image over
> mkimage.sh, right?

Whoops, that's actually technically my bad: https://github.com/moby/moby/pull/41440 (see also https://bugs.debian.org/969940#22)

As noted in that upstream PR, those scripts were long-since unmaintained and really shouldn't be used. If you'd like to create your own images, I'd suggest debootstrap, mmdebstrap, or debuerreotype (depending on what you're trying to accomplish by creating your own and what your goals are). If you want to reproduce the images maintained at https://hub.docker.com/_/debian by paultag and me, debuerreotype is designed for that, but if you just need minimal images of a modern release, mmdebstrap is probably the best bet.

As a consequence of this, I'm not sure https://wiki.debian.org/Cloud/CreateDockerImage provides any value anymore over the content that already exists at https://wiki.debian.org/Docker, save for *maybe* that initial paragraph, and I'd honestly consider deleting it entirely but I'm not sure what the consequences of that might be, so deleting most of the content is probably a safer first pass?

> I just want to make sure my foundations are correct before I start breaking
> things.

♥,
- Tianon
  4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4

(please feel free to keep me in explicit CC - I'm not subscribed to "debian-user" but I'm happy to discuss this further)

