• Masterofballs@exploding-heads.comOP
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    I was looking at the site ghcr.io, and my impression is that this site is similar to dockerhub but run by github, and I (perhaps wrongly) assumed that it guarantees that the container is built from the source that is accessible through the github repository.

    I’m actually not sure if github has a auto build system. It might somewhere. But he should be able to override it with a

    docker push ghcr.io/OWNER/IMAGE_NAME:VERSION
    

    Maybe there are some safeguards in github somewhere I don’t know about.

    • Salamander@mander.xyz
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Maybe there are some safeguards in github somewhere I don’t know about.

      I don’t know either, as I haven’t published my own docker containers via dockerhub nor this github site. So I’ve edited my comment even more to warn people of this potential risk. Thank you!