🖖USS-Ethernet@startrek.website to Selfhosted@lemmy.worldEnglish · 24 hours agoI've been busystartrek.websiteimagemessage-square49linkfedilinkarrow-up1282arrow-down19file-text
arrow-up1273arrow-down1imageI've been busystartrek.website🖖USS-Ethernet@startrek.website to Selfhosted@lemmy.worldEnglish · 24 hours agomessage-square49linkfedilinkfile-text
minus-squarequick_snail@feddit.nllinkfedilinkEnglisharrow-up2arrow-down2·19 hours agoDont do this. OP built a security nightmare
minus-squareirmadlad@lemmy.worldlinkfedilinkEnglisharrow-up1·17 hours ago OP built a security nightmare How so?
minus-squarequick_snail@feddit.nllinkfedilinkEnglisharrow-up2arrow-down1·16 hours agoDocker will happily download malicious containers. It doesn’t use cryptography to verify what it downloads during the layer pull.
minus-squarekrashmo@lemmy.worldlinkfedilinkEnglisharrow-up5arrow-down1·15 hours agoThat’s overly dramatic phrasing and you know it. Adding this kind of hyper technical quip to a thread aimed at beginners is insane. Stop doing that.
minus-squarequick_snail@feddit.nllinkfedilinkEnglisharrow-up1·8 hours agoNo. Just use apt. Don’t fill your house with sensors that make you vulnerable
minus-squareirmadlad@lemmy.worldlinkfedilinkEnglisharrow-up1·15 hours agoLinux can do that too from miners, backdoors/SSH credential stealers, bots, rare ransomware but they exist, rootkits, spyware, and supply‑chain attacks
minus-squarequick_snail@feddit.nllinkfedilinkEnglisharrow-up2·8 hours agoApt has done sig checking since 2002 iirc
Dont do this. OP built a security nightmare
How so?
Docker will happily download malicious containers. It doesn’t use cryptography to verify what it downloads during the layer pull.
That’s overly dramatic phrasing and you know it. Adding this kind of hyper technical quip to a thread aimed at beginners is insane. Stop doing that.
No. Just use apt. Don’t fill your house with sensors that make you vulnerable
Linux can do that too from miners, backdoors/SSH credential stealers, bots, rare ransomware but they exist, rootkits, spyware, and supply‑chain attacks
Apt has done sig checking since 2002 iirc