ROCm-docker icon indicating copy to clipboard operation
ROCm-docker copied to clipboard
verified publisher icon ROCm

[Feature]: Use official almalinux image

Open cazlo opened this issue 1 year ago • 0 comments

Suggestion Description

I was looking into supply chain security of the almalinux 8 image.

It is currently pulling from a non-official image of almalinux: https://github.com/ROCm/ROCm-docker/blob/master/dev/Dockerfile-almalinux-8-complete#L1

FROM amd64/almalinux:8

This appears to be published by the amd64 organization but also says it is the official image at https://hub.docker.com/r/amd64/almalinux/

The official build of AlmaLinux OS.

According to https://github.com/AlmaLinux/docker-images and https://hub.docker.com/_/almalinux

The official image is almalinux:8.

If you want to pull always the amd64 version of this, I would do a line like FROM --platform=linux/amd64 almalinux:8

I suggest y'all switch over to the official image to avoid supply chain security red flags

Operating System

almalinux

GPU

No response

ROCm Component

No response

cazlo avatar Oct 18 '24 17:10 cazlo