**virtualice** @CobaltVelvet@octodon.social · 11 juin 2017, 17:10

**virtualice** @CobaltVelvet@octodon.social · 11 juin 2017, 17:10

virtualice @CobaltVelvet@octodon.social

That's the part of the containers way I just can't accept:

https://github.com/kubernetes/ingress/blob/master/controllers/nginx/rootfs/Dockerfile

1. Your ingress controller is a Google managed nginx image you have no guarantee on.
2. It downloads and run a binary from Github.

No hashs, no signatures; Google, GitHub, tini's owner and anyone pwning them could get a root shell in your setup and MITM everything without anyone noticing for some time.

**virtualice** @CobaltVelvet@octodon.social · 11 juin 2017, 17:22

**virtualice** @CobaltVelvet@octodon.social · 11 juin 2017, 17:22

I don't believe Google will ever do that or be pwnd, but I'm not so confident in GitHub's security for instance, and much less in tini's owner.
How many servers can you own with a single GitHub account? Correct answer is "what the fuck".

**Haelwenn /ɛlwən/ 🖳** @lanodan_tmp · 2017-06-11T17:24:19Z

Haelwenn /ɛlwən/ 🖳 @lanodan_tmp

@CobaltVelvet Is “too many” a good answer too ?

11 juin 2017, 17:24 · Web · 0 · 0

**virtualice** @CobaltVelvet@octodon.social · 11 juin 2017, 17:25

**virtualice** @CobaltVelvet@octodon.social · 11 juin 2017, 17:25

@lanodan_tmp no you have to say "what the fuck" out loud

**Haelwenn /ɛlwən/ 🖳** @lanodan_tmp · 11 juin 2017, 17:26

**Haelwenn /ɛlwən/ 🖳** @lanodan_tmp · 11 juin 2017, 17:26

@CobaltVelvet Ok, actually I just done that reading the CVE RSS feed…