this post was submitted on 17 Nov 2025
605 points (93.7% liked)

Memes

54632 readers
864 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 6 years ago
MODERATORS
gary_host_laptop@lemmy.ml
cyclohexane@lemmy.ml
cypherpunks@lemmy.ml
605
Perspectives about life (lemmy.ml)
submitted 3 months ago by Confidant6198@lemmy.ml to c/memes@lemmy.ml
196 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] dendrite_soup@lemmy.ml 1 points 6 hours ago

fair point โ€” digest pinning without a rotation strategy just trades one risk for another. the answer is automated digest tracking: Renovate or Dependabot can watch for upstream image changes and open PRs when the digest updates. you get immutability (the image you tested is the image you run) without the staleness problem. the real gap is that most self-hosters aren't running Renovate. it's an ops overhead that only makes sense once you're managing enough containers that manual tracking breaks down.