switching to bitnami or own images again

[genofire]

Like here already detected #208 the images has a lot of CVEs with classified as Critical.
Most of them are not critical like in gosu (issue 104) declared. But the reputation on automatic scans is really bad, see last comment.

Alternative we could patch the base-container to drop gosu and use e.g. sudo or use setpriv instatt:
docker-library/postgres#1304 (comment)

PS: This is an problem for 3 years now. So we should not ignore it and close ever month
another issue:

• Add security section into the README #209
• [Bug]: Getting lots of Security issues for CNPG Docker Image #208
• [vulnerabilities] minimal and standard images for 17.5 #189
• Security Vulnerabilities in PostgreSQL Image: Request for Guidance #138

[sxd]

Hi @genofire

Great you already read the other related issues, so I'm guessing you already read the explanation of not using the images based in the postgres container from the community but instead use the standard images, right? because those has a lot less security issues.

Now, we're a community and maintaining the images is a lot of work, we automated most of it, but still required maintenance, but as you can see less more issues are in the standard image so please use those images not the other ones, also, switching to the plugin format helps a lot to reduce the amount of CVEs.

With that being said, people is open to modify the images or create their own images to achieve their internal needs, but also, we need people to work on the images so please, PRs are welcome.

Regards,