Hi Attila,

You're correct about the uncovered scenarios mentioned if your app runtime is a container image runtime. However, we are very aware of all of the above-mentioned scenarios, and our product teams are working hard to improve App Engine to a state where more needed solutions will be provided to meet different users' demand.

On Saturday, November 18, 2017 at 1:46:35 AM UTC-5, Attila-Mihaly Balazs wrote:
> Hello,
>
> Thank you for the reply. Just making sure that I understand correctly: when you say "excludes container image runtime", it means that none of the following scenarios are covered:
>
> Let's say that I'm running a CentOS-based docker image on AppEngine Flex.
>
> 1) A security bug is discovered in nginx. There is an update available in the repositories. However, my instances are not patched until I rebuild/redeploy my images (and I have to be careful to rebuild them in such a way that Docker doesn't re-use a cached intermediary image, which would result in the package update step being skipped).
>
> 2) Let's say that I'm running Java 9 inside my flex instance, using the OpenJDK build. A new version of the build is released fixing a security bug. I won't get it until I manually update my Dockerfile, presumably, and redeploy.
>
> 3) My webservice is written in Haskell, which gets compiled down to a native executable statically linking zlib. Zlib has a vulnerability and there is a new version. My webservice won't have that update until I rebuild / redeploy it.
>
> Is my understanding correct that in all of the above scenarios the onerous task of keeping the different libraries / runtimes updated falls on me? I do realize that supporting (2) and (3) is somewhat of a pipe dream (since there are an almost infinite amount of possible configurations) and even (1) can be very complicated since there are a lot of Linux distributions out there, but please do realize that one important reason for choosing Google Appengine is that I don't have time to be ops!
>
> Thank you.
