Mastodon social network
- Thread starter Keith Miller
- Start date
-
- Tags
- template
To which templates? Are you talking about turnkey? Please ask turnkey, which is not part of the PVE infrastructure.
Just glanced at this - what is scary to me to see is the amount of trust people give to these "turnkey" hubs, as in - supply chain attack anyone?
I wonder if PVE users understand - with the feature to be this neatly integrated - what they are actually getting, from whom.
I wonder if PVE users understand - with the feature to be this neatly integrated - what they are actually getting, from whom.
This!
Nevertheless for me Turnkey is on the more trustworthy part of "the net", at least it is a stable company (with its own interests of course). Downloading some random Docker images from an unknown person with no verifiable reputation is much more... problematic.
Reputation is one reason I do use plain Debian VMs in more than 95% or so. Also my rule is "one service = one VM", so no Multi-Docker-VMs or containers for me. Disclaimer: exceptions exist and prove that rule.
Disclaimer 2: I am talking about my homelab, my dayjob is more stringent...
In the end it doesn't matter whether people download a docker file, a turnkey appilance or a "hel(l)per script" if they don't do their due dilligence.
Concerning trust I think the official docker Image of a Software is more trustworthy than a third-party-container or Script.
It doesn't matter though for people like the /r/homelab-Crowd, they won't listen to advice against trusting helper-acripts/turnkey-appilances or dockerfiles in any case.
This Problem is not pve-soecific though, lxd, truenas, unraid and incus have the same issues, which is more social than technical.
Concerning trust I think the official docker Image of a Software is more trustworthy than a third-party-container or Script.
It doesn't matter though for people like the /r/homelab-Crowd, they won't listen to advice against trusting helper-acripts/turnkey-appilances or dockerfiles in any case.
This Problem is not pve-soecific though, lxd, truenas, unraid and incus have the same issues, which is more social than technical.
I don't think this addresses the point brought into light here, where the OP clearly does not even know the payloads he is getting does NOT come from Proxmox.