On Fri, Dec 23, 2022 at 04:35:03PM +0400, Samer Afach <samer.af...@msn.com> wrote:
> About your great loud thought, my containers are versioned but there's
> no CI in there, and every launch for them recreates them. They're all
> based on either Debian or Ubuntu (depending on support for my
> applications), which means they'll be updated automatically. I don't
> use random images from untrusted sources. There's even a plan to run apt
> update/upgrade on every launch to ensure everything is up to date even
> if I forget to recreate a container for any reason, and I'm planning
> cron jobs that'll restart the containers daily. I really appreciate
> your loud thoughts, keep 'em coming, and I hope I have it covered that
> one with my plan.

One thing to consider, rather than restarting the containers daily,
is to install the unattended-upgrades package in the container and
a configuration for it that automatically installs at least all
security upgrades. That way, the container can stay running for long
periods of time without the need to restart it daily, which presumably
introduces tiny regular outages.

cheers,
raf
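
The shell functions below are an added example, not code from either poster: they write apt configuration that limits unattended-upgrades to security updates on Debian or Ubuntu. The names `write_uu_config` and `uu_enabled` and the root-directory argument are hypothetical; the apt option names are the real ones.

```shell
#!/bin/sh
# Added example (not from the thread). The argument is a root directory so the
# files can be staged into an image build tree; pass "/" inside a running
# Debian or Ubuntu container, after installing the unattended-upgrades package.

write_uu_config() {
    root="${1:-/}"
    conf_dir="${root%/}/etc/apt/apt.conf.d"
    mkdir -p "$conf_dir" || return 1

    # Refresh package lists and run unattended-upgrade once a day.
    cat > "$conf_dir/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF

    # Replaces the packaged default file so that only the security archives
    # are allowed. The first pattern matches Debian, the second Ubuntu; a
    # pattern that matches no configured origin has no effect.
    cat > "$conf_dir/50unattended-upgrades" <<'EOF'
Unattended-Upgrade::Origins-Pattern {
    "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
    "origin=Ubuntu,archive=${distro_codename}-security";
};
// A container has no kernel of its own to reboot into.
Unattended-Upgrade::Automatic-Reboot "false";
EOF
}

# Succeeds only if the periodic unattended run is switched on under the root.
uu_enabled() {
    grep -q '^APT::Periodic::Unattended-Upgrade "1";' \
        "${1%/}/etc/apt/apt.conf.d/20auto-upgrades"
}
```

Inside the container, `unattended-upgrade --dry-run --debug` shows which origins and packages the configuration would act on. Assumption: a container that runs no systemd has no apt timers, so cron or a similar scheduler has to call `unattended-upgrade` itself.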