I was looking at the site ghcr.io, and my impression is that this site is similar to dockerhub but run by github, and I (perhaps wrongly) assumed that it guarantees that the container is built from the source that is accessible through the github repository.
I’m actually not sure if github has a auto build system. It might somewhere. But he should be able to override it with a
docker push ghcr.io/OWNER/IMAGE_NAME:VERSION
Maybe there are some safeguards in github somewhere I don’t know about.
Maybe there are some safeguards in github somewhere I don’t know about.
I don’t know either, as I haven’t published my own docker containers via dockerhub nor this github site. So I’ve edited my comment even more to warn people of this potential risk. Thank you!
I’m actually not sure if github has a auto build system. It might somewhere. But he should be able to override it with a
docker push ghcr.io/OWNER/IMAGE_NAME:VERSIONMaybe there are some safeguards in github somewhere I don’t know about.
I don’t know either, as I haven’t published my own docker containers via dockerhub nor this github site. So I’ve edited my comment even more to warn people of this potential risk. Thank you!