Hacker News
by yencabulator 760 days ago
> I wouldn't have expected `docker pull` in particular to allow arbitrary content injection.

Having read Docker source code and seen a repetitive pattern of silly mistakes with dire consequences, I emphatically would expect it to have such, and many other similar, issues.

My personal favorite is still the time they computed a hash of a download, but then failed to compare it to anything.