[dlor]

I was (one of) the original creators of the Google Distroless project. The main difference is that Original Distroless uses Debian as the upstream. This is great in many ways, but makes it so stuff outside of Debian is hard to package in.

Wolfi is its own upstream - packages are sourced and built directly from source, without another Linux distro.

The rest of the differences stem from here - we get more control over what we package and how, and are able to more quickly add new versions of packages, or roll out CVE patches.

[aerfio]

Do you see any significant changes in comparison to the "gcr.io/distroless/static" image, which is commonly used in Go ecosystem? Thanks for answer btw, really appreciate that.

[dlor]

For static, not really just because there's so little in it. For apps that need CGO there's a benefit as more dependencies are required. CGO apps are broken right now IIUC in distroless/glibc-dynamic because of the Debian glibc bump.