Post AwGFlD8OI4zUwbDC4m by alefunguju@mastodon.social
(DIR) Post #AwGFlD8OI4zUwbDC4m by alefunguju@mastodon.social
2025-07-18T14:51:41Z
0 likes, 0 repeats
Alright so I just found out that OCI (Docker/Podman) is just absolute garbage if you want anything resembling supply-chain security, because registries and clients are basically allowed to willy-nilly change the image digests. So I just cannot really prove that an image I just mirrored on my local registry is the same I pulled from elsewhere. Is this what we are basing much of our software infrastructure on? #oci #docker #podman #security #cybersecurity #supplychain
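An added illustration, not part of the original post: an image digest is the SHA-256 of the manifest's exact bytes, so a copy that re-serializes the manifest or converts its media types gets a new digest even when it references the same config and layer blobs. The manifests, blobs, helper names and verdict strings below are constructed for the example; only the media type strings are real.

```python
import hashlib
import json

# Real media types: Docker v2 schema 2 vs. OCI image manifest.
TYPES = {
    "docker": ("application/vnd.docker.distribution.manifest.v2+json",
               "application/vnd.docker.container.image.v1+json",
               "application/vnd.docker.image.rootfs.diff.tar.gzip"),
    "oci": ("application/vnd.oci.image.manifest.v1+json",
            "application/vnd.oci.image.config.v1+json",
            "application/vnd.oci.image.layer.v1.tar+gzip"),
}

def digest(data: bytes) -> str:
    """Content digest: SHA-256 over the exact bytes."""
    return "sha256:" + hashlib.sha256(data).hexdigest()

def make_manifest(flavor, config_blob, layer_blob, indent=None):
    """Build a constructed single-layer manifest (hypothetical helper)."""
    manifest_t, config_t, layer_t = TYPES[flavor]
    doc = {
        "schemaVersion": 2,
        "mediaType": manifest_t,
        "config": {"mediaType": config_t, "digest": digest(config_blob),
                   "size": len(config_blob)},
        "layers": [{"mediaType": layer_t, "digest": digest(layer_blob),
                    "size": len(layer_blob)}],
    }
    return json.dumps(doc, indent=indent).encode()

def blob_refs(manifest: bytes):
    """Return (config digest, [layer digests]) referenced by a manifest."""
    doc = json.loads(manifest)
    return doc["config"]["digest"], [layer["digest"] for layer in doc["layers"]]

def compare(source: bytes, mirror: bytes) -> str:
    """Classify how a mirrored manifest relates to the source manifest."""
    if digest(source) == digest(mirror):
        return "identical-manifest"   # byte-for-byte copy, same image digest
    (src_cfg, src_layers), (dst_cfg, dst_layers) = blob_refs(source), blob_refs(mirror)
    if src_cfg != dst_cfg:
        return "different"            # config blob differs: not the same image
    # Same config; layer blobs either match or were rewritten (e.g. recompressed).
    return "same-blobs" if src_layers == dst_layers else "same-config-only"

# Constructed sample blobs and manifests.
CONFIG, LAYER, REGZIPPED = b"constructed config", b"constructed layer", b"constructed layer, recompressed"
SOURCE = make_manifest("docker", CONFIG, LAYER)
MIRROR = make_manifest("oci", CONFIG, LAYER, indent=2)

if __name__ == "__main__":
    print(digest(SOURCE)); print(digest(MIRROR)); print(compare(SOURCE, MIRROR))
```

A `same-config-only` verdict is not proof of equivalence by itself: the layers still have to be decompressed and hashed against the `rootfs.diff_ids` list inside the config blob.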
(DIR) Post #AwGFlEO1dR5ipNXC5I by ozzelot@mstdn.social
2025-07-18T14:56:35Z
0 likes, 0 repeats
@alefunguju I like it when we make things dumber for perceived convenience. Gotta be one of my favorite definitely fine phenomena.