Comments (3)
Again, I will kindly disagree. There is a core set of base images (e.g., centos, ubuntu) provided by the primary maintainers that are updated with security patches, and that is much better practice than "rolling your own", which at best would be the same thing.
At least for Singularity recipes I have a small plot: https://singularityhub.github.io/singularity-catalog/bases/ and we can see this practice is followed.
from ten-simple-rules-dockerfiles.
@vsoch Thank you for your quick reply.
I'm afraid you only believe that these images are reproducible, but in fact they might have been changed (such as adding security packages) or were built using apt install (and used whatever accidentally was available on that day). If you build the same Dockerfile, you might get different results, such as a security-fixed package (for a flaw impossible to exploit in your environment) but with a little new bug (breaking your application). Either it is guaranteed to have exactly the same input, or it is not reproducible.
Of course there are other requirements, such as updating to include security fixes, and surely in many cases the old results will not need to be reproduced, but when for example in ten years someone wants to verify why a result was incorrect, 100% exactly the same content is needed - maybe a well-hidden bug somewhere led to a wrong result.
Of course reproducibility has a price, and often it is high. For example, when using images from maintainers, each must be stored locally.
Let's assume one officially maintained image was attacked and contained a backdoor. This backdoor leads to a wrong result of the container operation and to an invalid conclusion of some research. To analyze whether the invalid conclusion was caused by bad scientific practices or even data manipulation, someone could redo the processing. In the meantime the maintainers surely removed the backdoor, of course they do, what else could be expected. By this, the reason for the wrong result is removed and the container produces the correct result, different than before (i.e. not reproducing), and the researcher may get into trouble because some may think the invalid conclusion was made to look better in publications.
I don’t actually care if they are perfectly reproducible - it’s almost guaranteed they are slightly different. However, if my supply chain is secure (a work in progress, but registries will care soon with SBOMs etc.) and my container is tested and works as I need it to, this is a successful outcome.
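Added example, not part of the thread or of the ten-simple-rules-dockerfiles project: a minimal check for the two sources of build drift raised in the discussion above, a base image referenced by a mutable tag instead of a digest, and `apt` installs without an explicit version. The function names, the sample Dockerfile, the digest and the package version are all constructed for illustration.

```python
import re

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")

def logical_lines(text):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#") or (not buf and not line):
            continue  # comments and blank lines carry no instruction
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None

def audit_dockerfile(text):
    """Return (line, rule, detail) for every input that can change between builds."""
    findings, stages = [], set()
    for no, instr in logical_lines(text):
        parts = instr.split()
        op = parts[0].upper()
        if op == "FROM":
            args = [p for p in parts[1:] if not p.startswith("--")]
            if not args:
                continue
            image = args[0]
            # "scratch" and earlier build stages are not pulled from a registry
            if (image.lower() != "scratch" and image.lower() not in stages
                    and not DIGEST.search(image)):
                findings.append((no, "base-not-pinned-by-digest", image))
            if len(args) >= 3 and args[1].upper() == "AS":
                stages.add(args[2].lower())
        elif op == "RUN":
            for cmd in re.split(r"&&|;", instr[3:]):
                words = cmd.split()
                if len(words) >= 2 and words[0] in ("apt-get", "apt") and "install" in words:
                    for pkg in words[words.index("install") + 1:]:
                        if not pkg.startswith("-") and "=" not in pkg:
                            findings.append((no, "apt-package-without-version", pkg))
    return findings

PINNED = "ubuntu@sha256:" + "0" * 64  # constructed digest, not a real image
SAMPLE = f"""\
# constructed sample Dockerfile
FROM ubuntu:22.04 AS build
RUN apt-get update && \\
    apt-get install -y curl=1.2.3-1 git
FROM {PINNED}
FROM build
"""
```

A clean report only means the inputs are named exactly; a pinned digest or package version can still vanish from the registry or mirror, which is why the comment above notes that maintainer images must also be stored locally.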