alpine-node
alpine-node copied to clipboard
mhart
Question: Official node alpine image
First of all, great job with this image! It made node microservices + docker make sense! And I know it takes a lot of work to maintain this so thanks! 🎉
Now that the official node image has an alpine variant docker-node/pull/156
- Are there any differences between this and the official docker node image?
- If they are the same, do you plan to continue supporting this image or eventually tell people to migrate to the official?
I would like to see an official answer from @mhart here, but here he does encourage an organization to move to the official node alpine image.
I think lots of deployments rely on this image, so it's hard to stop support for this repo without having something in place for those people, maybe even just a deprecation period. On the other hand, I don't think there is a good reason to start a NEW project based on this image, and I think people should look to moving at some point.
I think you should go with the official image, specially for fast security fixes release like this one here.
~$ docker run -it node:7-alpine sh
/ # node -v
v7.10.1
/ # exit
~$ docker run -it mhart/alpine-node:7 sh
/ # node -v
v7.10.0
/ # exit
@waleedsamy that's quite disingenuous – the latest 8.x, 6.x and 4.x mhart/alpine-node images were updated 4.5 hours before the official images:
$ docker inspect --format '{{json .Created}}' mhart/alpine-node:8.1.4
"2017-07-11T18:09:50.754005426Z"
$ docker inspect --format '{{json .Created}}' node:8.1.4-alpine
"2017-07-11T22:41:26.857142679Z"
It's true that Node.js 7.x was not updated on alpine-node (nor was Node.js 5.x) – it hasn't been supported since June and you should have upgraded all your instances to 8.x. Node.js 7 was never an LTS release – you can see the LTS support timeline here:
https://github.com/nodejs/LTS
@mhart you are right, mhart/alpine-node get updated couple of hours before the official images.
waleeds-MacBook-Pro-2:~ waleed$ docker inspect --format '{{json .Created}}' mhart/alpine-node:8
"2017-07-11T18:09:50.754005426Z"
$ docker inspect --format '{{json .Created}}' node:8-alpine
"2017-07-11T22:41:26.857142679Z"
$ docker inspect --format '{{json .Created}}' mhart/alpine-node:6
"2017-07-11T18:35:55.648532378Z"
$ docker inspect --format '{{json .Created}}' node:6-alpine
"2017-07-11T23:17:41.201974341Z"
$ docker inspect --format '{{json .Created}}' mhart/alpine-node:4
"2017-07-11T18:51:44.583266214Z"
waleeds-MacBook-Pro-2:~ waleed$ docker inspect --format '{{json .Created}}' node:4-alpine
"2017-07-11T23:27:18.649119102Z"
but isn't it better if you provided this kind of security fixes to 7.x too (the official image had the fix for this version, although it is not TLS).
@waleedsamy I had removed the 7.x tags from the README and hub.docker.com description a while ago, so no one should be installing it anymore.
I'm happy to update it if you need it, but I am wondering who would be using 7.x in production (and why, considering it was never intended to be stable)?
I discovered I had some docker images running on production based on 7.x image, I updated it to 8.x so I think it's not high priority anymore.
Ah, well I updated them on the weekend anyway 😸 – so you're safe either way 👍
Bump thread :) Hello @mhart and thank you!
- do you do regular cve-fixes for images (at least LTS-ones) ? I see official images was updated 2 days ago, and your one - 2 months ago. But I don't see official changelog and do not if it actually needed ;)
- do you plan to continue supporting this image or eventually tell people to migrate to the official?
@mhart could you please share with us your current perspective on this issue? Thanks.
