Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add note to DockerHub indicating Alpine images rely on experimental and unofficial-builds #2011

Open
BethGriggs opened this issue Dec 13, 2023 · 4 comments
Open

Add note to DockerHub indicating Alpine images rely on experimental and unofficial-builds #2011

BethGriggs opened this issue Dec 13, 2023 · 4 comments

Comments

@BethGriggs
Copy link
Member

A somewhat extension to #2000.

I've heard a lot of feedback from users of the Docker Official Node.js Alpine images that they were unaware they rely on experimental status builds (refs: BUILDING.md) from https://unofficial-builds.nodejs.org/. The binaries built into these images are not signed by the Node.js release team which may also be a surprise and/or concern to end users.

I understand the constraints with making those builds an official platform. But, I do think this information is not surfaced well enough today. Users of the pre-built Docker images are unlikely to be looking at the building file in Node.js core repository. It's also easy to see the 'Docker Official' status and assume the contents are as official/supported as the other builds the project provides.

I think we should consider adding a note (or warning?) to the https://hub.docker.com/_/node/ webpage indicating the Alpine Docker images make use of an experimental platform provided by https://unofficial-builds.nodejs.org/.
@yosifkit
Copy link
Contributor

I'd guess that adjusting the node:<version>-alpine section would be a useful place to put it. This is generated from a generic template, but can be overridden like we do in golang with a variant-alpine.md.

@SimenB
Copy link
Member

SimenB commented Dec 19, 2023

Yeah, I agree we should do that 👍 Suggestions on the wording is very welcome! 😀 I'm bad at those sorts of things

@vhscom
Copy link

vhscom commented Dec 19, 2023

Regarding verbiage something akin to:

The binaries built into these images are not signed by the Node.js release team

@PeterDaveHello
Copy link
Member

What about this:

Notice to Node.js Alpine Docker Image Users

Please be aware that our Node.js Alpine Docker images use builds from https://unofficial-builds.nodejs.org/, which are not signed by the official Node.js release team. These builds are chosen to ensure compatibility and performance within the Alpine environment. We share this information for transparency and to help you make informed decisions regarding your application setup.

We could also add:

For more details and discussion, please refer to: #1025

@nschonni nschonni mentioned this issue Apr 25, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@yosifkit @SimenB @PeterDaveHello @BethGriggs @vhscom