[GitHub] [pulsar] hpvd edited a comment on the discussion: Build distroless package for better security, smaller size, speed and more
GitHub user hpvd edited a comment on the discussion: Build distroless package for better security, smaller size, speed and more

Sure, you are right about false positives!

...but even if the absolute numbers are lower, e.g. with a new release of Pulsar and an included distro, the mechanism always stays alive: the more code within a package, the more chances for vulnerabilities (plus the influence on the other 7 points noted in https://github.com/apache/pulsar/discussions/20253#discussion-5173112 ).

And if the absolute number of vulnerabilities is low on release day, it will always be higher next week...

GitHub link: https://github.com/apache/pulsar/discussions/20253#discussioncomment-5851978

This is an automatically sent email for commits@pulsar.apache.org.
To unsubscribe, please send an email to: commits-unsubscr...@pulsar.apache.org

[GitHub] [pulsar] hpvd edited a comment on the discussion: Build distroless package for better security, smaller size, speed and more
GitHub user hpvd edited a comment on the discussion: Build distroless package for better security, smaller size, speed and more

Sure, you are right about false positives!

...but even if the absolute numbers are lower, e.g. with a new release of Pulsar and an included distro, the mechanism always stays alive: the more code within a package, the more chances for vulnerabilities.

And if the absolute number of vulnerabilities is low on release day, it will always be higher next week...

GitHub link: https://github.com/apache/pulsar/discussions/20253#discussioncomment-5851978

[GitHub] [pulsar] hpvd edited a comment on the discussion: Build distroless package for better security, smaller size, speed and more
GitHub user hpvd edited a comment on the discussion: Build distroless package for better security, smaller size, speed and more

As @michaeljmarshall already said:

> Note that using a distroless base image is not a viable option for pulsar 2.x
> because we use shell scripts to configure each component before executing the
> java command and changing that configuration paradigm would be a breaking
> change.

See https://github.com/apache/pulsar/issues/11269#issuecomment-896325282

=> Maybe this is a high-value long-term topic for Pulsar 4.0

GitHub link: https://github.com/apache/pulsar/discussions/20253#discussioncomment-5835523