Tianon Gravi

I'm a (soft) -1 on this change: 1. the `schema` module is not/barely maintained, so I wouldn't say it's exactly "security supported" (and it's a library, so any security issue...

cc `caddy` image maintainers for review/approval: @hairyhenderson @francislavoie (see also https://github.com/moby/moby/pull/41030, which adjusted `net.ipv4.ip_unprivileged_port_start` to be `0` by default in Docker's network namespaces in Docker 20.10+ which negates the original...

At that time, I don't think this change had made its way into the common Kubernetes runtimes, and I believe that's changed now, but worth confirming. In other words, for...

To illustrate further, with just Docker: ```console $ docker run -it --rm --user 1000:1000 --cap-drop NET_BIND_SERVICE --name test "$(docker build -q -

I would imagine this hasn't come up sooner (in the ~10 years we've been maintaining this image) because it's kind of an odd feature for a database server TBH --...

In most distributions/packaging contexts, this dependency relationship is what's often called "Recommends": https://www.debian.org/doc/debian-policy/ch-relationships.html#binary-dependencies-depends-recommends-suggests-enhances-pre-depends > This declares a strong, but not absolute, dependency. > > The `Recommends` field should list packages...