🖖USS-Ethernet@startrek.website to Selfhosted@lemmy.worldEnglish · 1 day agoI've been busystartrek.websiteimagemessage-square49fedilinkarrow-up1278arrow-down113file-text
arrow-up1265arrow-down1imageI've been busystartrek.website🖖USS-Ethernet@startrek.website to Selfhosted@lemmy.worldEnglish · 1 day agomessage-square49fedilinkfile-text
minus-squarequick_snail@feddit.nllinkfedilinkEnglisharrow-up2arrow-down3·1 day agoDont do this. OP built a security nightmare
minus-squareirmadlad@lemmy.worldlinkfedilinkEnglisharrow-up0·1 day ago OP built a security nightmare How so?
minus-squarequick_snail@feddit.nllinkfedilinkEnglisharrow-up2arrow-down4·1 day agoDocker will happily download malicious containers. It doesn’t use cryptography to verify what it downloads during the layer pull.
minus-squarekrashmo@lemmy.worldlinkfedilinkEnglisharrow-up5·1 day agoThat’s overly dramatic phrasing and you know it. Adding this kind of hyper technical quip to a thread aimed at beginners is insane. Stop doing that.
minus-squarequick_snail@feddit.nllinkfedilinkEnglisharrow-up1arrow-down1·20 hours agoNo. Just use apt. Don’t fill your house with sensors that make you vulnerable
minus-squareirmadlad@lemmy.worldlinkfedilinkEnglisharrow-up0·1 day agoLinux can do that too from miners, backdoors/SSH credential stealers, bots, rare ransomware but they exist, rootkits, spyware, and supply‑chain attacks
minus-squarequick_snail@feddit.nllinkfedilinkEnglisharrow-up2arrow-down1·20 hours agoApt has done sig checking since 2002 iirc
Dont do this. OP built a security nightmare
How so?
Docker will happily download malicious containers. It doesn’t use cryptography to verify what it downloads during the layer pull.
That’s overly dramatic phrasing and you know it. Adding this kind of hyper technical quip to a thread aimed at beginners is insane. Stop doing that.
No. Just use apt. Don’t fill your house with sensors that make you vulnerable
Linux can do that too from miners, backdoors/SSH credential stealers, bots, rare ransomware but they exist, rootkits, spyware, and supply‑chain attacks
Apt has done sig checking since 2002 iirc