ntn888@lemmy.ml to Selfhosted@lemmy.worldEnglish · edit-27 months agoMy take on Alpine as a platform for selfhostingsimplycreate.onlineexternal-linkmessage-square7fedilinkarrow-up17arrow-down122
arrow-up1-15arrow-down1external-linkMy take on Alpine as a platform for selfhostingsimplycreate.onlinentn888@lemmy.ml to Selfhosted@lemmy.worldEnglish · edit-27 months agomessage-square7fedilink
minus-squareoshu@lemmy.worldlinkfedilinkEnglisharrow-up6·7 months agoKeeping containers up to date for security and bugfixes is just as important as OS packages.
minus-squarentn888@lemmy.mlOPlinkfedilinkEnglisharrow-up1arrow-down4·7 months agoyeah, but any update failure of a container is less fatal. and only affects the isolated service… it’s way easy to manage this situation than an unbootable server.
minus-squareoshu@lemmy.worldlinkfedilinkEnglisharrow-up3·7 months agoHow so? if I compromise a containerized app I get all the data that app has access to. From a security standpoint, each and every container running actually increases the potential attack surface.
Keeping containers up to date for security and bugfixes is just as important as OS packages.
yeah, but any update failure of a container is less fatal. and only affects the isolated service… it’s way easy to manage this situation than an unbootable server.
How so? if I compromise a containerized app I get all the data that app has access to.
From a security standpoint, each and every container running actually increases the potential attack surface.