Suboptimal ways to respond to a public security incident

andrew@lemmy.stuart.fun to Selfhosted@lemmy.world – 376 points

This issue is already quite widely publicized and quite frankly "we're handling it and removing this" is a much more harmful response than I would hope to see. Especially as the admins of that instance have not yet upgraded the frontend version to apply the urgent fix.

It's not like this was a confidential bug fix; this is a zero-day being actively exploited. Please be more cooperative and open regarding these issues in your own administration if you're hosting an instance. 🙏

I disagree.

IMO, we should be using Nix and OCI.

When someone says docker in the context of images today, they're already talking about the OCI format.

OCI uses Dockerfiles and runs Docker images, as Docker images are just KVM images, which is what OCI runs. Nix is absolute overkill for the orchestration of a web server workload and would be better for managing the container host (whatever you're running Kubernetes or Docker Swarm on).

I don't really know how to put this, but nearly every single web service you encounter and interact with is built using a Dockerfile, just like how Lemmy is doing. If you're going to disqualify Lemmy as a viable platform based on it having a Dockerfile, I got bad news.

I thought KVM was virtualisation, as in separate kernels.
And I thought containers shared the host's kernel. Essentially an "overlay OS".

So, a KVM could virtualise different hardware and CPU architectures.
Whereas a container can only use what the host has.