Matt Thalman
Matt Thalman
> but lacking that we may be able to fix it by moving the arcade clone to a separate image. If the Dockerfile of this image was to be left...
[Triage] @am11 - Do you want to try to make this change?
Windows Docker images are only being provided for Windows Server, not Windows client. So I'm removing the Docker-related tasks.
This should also be updated to no longer use the nightly images.
No, not without going through a big exception approval process. The proper mitigation here is to update the configuration of the Dockerfile so that it doesn't reference vulnerable versions.
There are build failures here. It's not immediately obvious what's wrong.
[Triage] @sbomer - Please make these changes when you can. This will help with image size and also having unneeded packages which can lead to detected vulnerabilities.
> We also would need a way to validate those updates with runtime before publishing. We likely do that with some fancy (with some definition of that term) manifest.json edits...
[Triage] This is related to https://github.com/dotnet/dotnet-buildtools-prereqs-docker/issues/1267 which would help to centrally manage version numbers of dependencies. I'll log a separate issue for the aspect of allowing updated images to be...
[Triage] Assigning to @sbomer to take a look at defining a policy.