• 0 Posts
  • 7 Comments
Joined 2 years ago
cake
Cake day: June 10th, 2023

help-circle


  • . I would not be surprised if this was just a Red Hat thing.

    It’s a tough one. We blame RedHat for a lot of its half-baked internal fridge art - systemd, network manager; and even, some days, yum in an apt-4-rpm world.

    But this new one is QUITE the departure. It’s not ‘red hat’ stupid but a little further on the spectrum.




  • While Jeff’s support for ELs has been imperfect - I marveled at the supply-chain issues gleefully baked into the drupal vagrant stuff - I came here to really say:

    IBM’s not really the poster-child for preserving the sanctity of source code in the past (cough cough Monterey cough), and I’m surprised they’re even suggesting everyone respect their own demands around that.


  • Docker has an additional issue, but not one unique to docker. Like flatpak, pip, composer, npm or even back to cpan and probably further, as a third-party source of installed software, it breaks single-source of truth when we want to examine the installed-state of applications on a given host.

    I’ve seen iso27002/12.2.1f, I’ve seen supply-chain management in action to massive benefit for uptime, changes, validation and rollback, and it’s simplified the work immensely.

        .1.3.6.1.2.1.25.6.3
    

    If anyone remembers dependency hell - which is always self-inflicted - then this should be Old Hat.

    HAVING SAID THAT, I’ve seen docker images loaded as the entire, sole running image, apparently over a razor-thin bmc-sized layer, on very small gear, to wondrous effect. But - and this is how VMware did it - a composed bare micro-image with Just Enough OS to load a single container on top, may not violate 27002 in that circumstance.