Make build recipes for binaries in container images public
Name and Version
bitnami/pgbouncer
What is the problem this feature will solve?
Hey everyone, I was curious and wanted to see how the pgbouncer binary being used was actually built. So I took a look at the Dockerfile. Unfortunately, it seems that the actual program is not built within the Dockerfile but downloaded from https://downloads.bitnami.com/files/stacksmith/…. Is there any way to see the compiler flags and options used in the builds of the programs used here?
What is the feature you are proposing to solve the problem?
People can check how the offered programs were built.
What alternatives have you considered?
Continue stepping in the dark
Hi, I'm afraid we currently don't have the compilation recipes publicly available.
Thanks for the quick answer! That's a pity with regard to security, transparency and reproducible builds. I would love this to change in the future. There are millions of users for these container images; however, there's no way to know if some backdoor was patched into it or other changes were made if these recipes are not public.
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.