You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is is possible (e.g. via signatures) to only build Dockerfiles that were created by muncher itself?
Is this a security improvement worth having?
Containers can never "call home", only via their output could they provide access to information they generated, and jobs can only be started by humans (ORCID takes somewhat care of that). Therefore a whitelist for base images does not make a big difference (you can still do bad things in your own Dockerfile even if the base image is fine).
The text was updated successfully, but these errors were encountered:
Is is possible (e.g. via signatures) to only build Dockerfiles that were created by muncher itself?
Is this a security improvement worth having?
Containers can never "call home", only via their output could they provide access to information they generated, and jobs can only be started by humans (ORCID takes somewhat care of that). Therefore a whitelist for base images does not make a big difference (you can still do bad things in your own Dockerfile even if the base image is fine).
The text was updated successfully, but these errors were encountered: