Rich Lander
Rich Lander
The following will improve security for users: - Enable all .NET images to be run as a non-root user. - Exposed ports (via `ASPNETCORE_URLS`) are constant across all image types....
These Dockerfiles were put in place for .NET 7, AFAIK. This PR should not be merged until .NET 7 goes EOL.
There are a variety of patterns in use that are not correct or could be made more optimal. ## Managed-only builds We have large images that are intended for native...
The following is the start of a spec for how `dotnet-buildtools-prereqs-docker` images should be used. The intent is that there are a set of approved patterns with the expectation that...
There are opportunities to improve the helix Dockerfiles. - **Make the Dockerfiles non-root:** The Dockerfiles define a non-root user, but install `sudo` and give that user [`sudoer` permissions](https://github.com/dotnet/dotnet-buildtools-prereqs-docker/blob/e2ac99efb806885c8c253fa80aa65ca98e4ac3bb/src/debian/12/helix/amd64/Dockerfile#L41-L47). That means...
Tag had a typo (lack of characters).
36, 38 -> 39
We shouldn't be using RIDs like this anymore. They have no future meaning. https://github.com/dotnet/installer/blob/4ba50aedee0eae2bf53b52d063290bac425515e9/eng/pipelines/source-build-sdk-diff-tests.yml#L27 Related to https://github.com/dotnet/runtime/pull/92211
This should never happen. The scanners are reporting false positives (in part) due to stale dependencies. This has been reported multiple times. I'm starting a new tracking issue. There are...
The native AOT folks told me the new approach for stripping symbols. I was able to validate that cache mounts save time. It's possible not all the mounts are needed....