by jermier 2141 days ago
> Security – The operating system installed in a container is usually short-lived, very minimal, and sometimes read-only. It therefore provides a much smaller attack surface than a typical general purpose and long-lived server environment.

Is this true? I always thought things like Docker are massively insecure because they don't respond to the threat landscape that well, since they are kind of 'frozen in time' and kept that way for years at a time without any critical security updates.

1 comment

If you're deploying your own application, you should probably build your image from a known maintained base image, rather than from a community-supported one, and then periodically rebuild it - it's like how you'd have to redeploy your app if there was a security issue in one of your dependencies. I wouldn't recommend using any of the public Docker images outside of local dev environments.
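Added example, not part of the thread or written by either poster: a Python check for the "frozen in time" problem that flags images whose build date is older than a rebuild window, reading the `Created` field of `docker image inspect` JSON. The image names, the sample data and the 30-day window are constructed assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like `docker image inspect` output and trimmed
# to the two fields this check reads. "myapp" is a hypothetical image name.
SAMPLE_INSPECT = json.loads("""[
  {"RepoTags": ["myapp:1.4"], "Created": "2024-01-10T08:15:30.123456789Z"},
  {"RepoTags": ["myapp:1.5"], "Created": "2024-05-28T11:02:07Z"},
  {"RepoTags": [],            "Created": "2023-03-01T00:00:00+00:00"}
]""")

_TS = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?(Z|[+-]\d{2}:\d{2})$")

def parse_created(value):
    """Parse Docker's RFC 3339 timestamp; sub-second digits are dropped."""
    match = _TS.match(value)
    if not match:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    base, tz = match.groups()
    offset = "+0000" if tz == "Z" else tz.replace(":", "")
    return datetime.strptime(base + offset, "%Y-%m-%dT%H:%M:%S%z")

def stale_images(inspected, now, max_age_days=30):
    """Return (name, age_in_days) for images older than the window, oldest first."""
    limit = timedelta(days=max_age_days)
    findings = []
    for image in inspected:
        age = now - parse_created(image["Created"])
        if age > limit:
            # Untagged images still sit on disk and can still be run by ID.
            name = ", ".join(image.get("RepoTags") or ["<untagged>"])
            findings.append((name, age.days))
    return sorted(findings, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives the same result every run;
    # against real data use datetime.now(timezone.utc).
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for name, days in stale_images(SAMPLE_INSPECT, fixed_now):
        print(f"{name}: built {days} days ago, rebuild from a current base")
```

A recent `Created` value only shows when the image was built; rebuilding with `docker build --pull` is what refreshes the base layer underneath it.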