by zahlman
588 days ago
After reading the underlying report (https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-...), I can't help but think: "where is the defense in depth?" Since `.pyc` files are just a cache of compilation that's already generally pretty quick, this could have been prevented by systems that simply didn't allow for pushing them into the Docker image in the first place. Or by having `PYTHONDONTWRITEBYTECODE=1` set on the developer's machine. (Also, now I'm trying to wrap my head around the fact that there's such a thing as "Docker Hub" in the first place, and that people feel comfortable using it.)
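The point above, that a `.pyc` cache keeps the string constants of a `.py` file even after the source is removed, is what makes a bytecode-aware pre-publish scan worth having. The following is an added example (not part of the comment or the JFrog report): it compiles a constructed module with a placeholder token, deletes the source, and then reads only the `.pyc` to flag token-like constants; the `pypi-` regex and file names are assumptions for the demo.

```python
import marshal
import py_compile
import re
import tempfile
import types
from pathlib import Path

# Constructed sample module: the token value is a placeholder, not a real credential.
SAMPLE_SOURCE = (
    'PYPI_TOKEN = "pypi-EXAMPLE_PLACEHOLDER_NOT_A_REAL_TOKEN_VALUE"\n'
    '\n'
    'def upload():\n'
    '    return PYPI_TOKEN\n'
)

# Heuristic for PyPI-style API tokens (constructed for this example).
TOKEN_RE = re.compile(r"pypi-[A-Za-z0-9_\-]{20,}")


def iter_string_consts(code: types.CodeType):
    """Yield every string constant in a code object and in its nested functions."""
    for const in code.co_consts:
        if isinstance(const, str):
            yield const
        elif isinstance(const, types.CodeType):
            yield from iter_string_consts(const)


def scan_pyc(path: Path) -> list[str]:
    """Return token-like string constants found in a .pyc file.

    Since Python 3.7 a .pyc is a 16-byte header (magic, flags, source
    mtime/size) followed by a marshalled code object, so the constants are
    readable without the original .py source.
    """
    data = path.read_bytes()
    code = marshal.loads(data[16:])
    return [s for s in iter_string_consts(code) if TOKEN_RE.search(s)]


def demo() -> list[str]:
    """Compile the constructed sample, delete the .py, then scan only the .pyc."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "secrets_mod.py"
        pyc = Path(tmp) / "secrets_mod.pyc"
        src.write_text(SAMPLE_SOURCE)
        py_compile.compile(str(src), cfile=str(pyc), doraise=True)
        src.unlink()  # source gone; the cache still carries the constant
        return scan_pyc(pyc)


if __name__ == "__main__":
    print(demo())
```

In a CI step the same `scan_pyc` can be run over every `__pycache__` directory in the build context, failing the build when anything matches, alongside the simpler rule of excluding `*.pyc` from the image entirely.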
Unless you build all of your images `FROM scratch` by default (or use in-house registries or quay or whatnot for all of your base images), you've used Docker Hub too...