
The Deletion of Docker.io/Bitnami

(community.broadcom.com)
329 points zdkaster | 1 comment
vbezhenar No.45051073
This is such a weird state.

> The Photon images provide many other benefits not previously available to users of Debian images, including:

> Drastically reduced CVE count (e.g., 100+ CVEs to in some cases 0)

How can a Debian image contain 100+ CVEs? It's nonsense. Surely Debian is as secure as most other "commercial" distros.

This CVE scanning stuff is clear FUD to promote commercial distros.

1. indigodaddy No.45051843
Maybe they're still counting backports as CVEs? (Seems like scanning software still always false positives on a listening port that flags for a version and doesn't take into account backports and doesn't actually test for the CVE/vuln -- it's so exasperating weeding through reports thrown at you by "Security")

But yeah, seems unlikely that official Debian images would be full of CVEs unless they are not being regularly updated.