On Fri, May 01, 2020 at 08:28:59AM +0200, Fabian Arrotin wrote: > On 01/05/2020 00:58, Derek Carter wrote: > > Shouldn't `registry.centos.org/centos:latest` > > <http://registry.centos.org/centos:latest`> point to CentOS 8? > > > > That's what https://hub.docker.com/_/centos leads me to believe. > > > > Where is the CentOS registry managed? > > That's indeed a good question as CentOS core team is pushing only to > DockerHub, but the other team that was in charge of registry.centos.org > is now silent for months so don't know about its actual status .... I've reported the issue as https://bugs.centos.org/view.php?id=16592 back in October, besides other things I've noticed about the container images. It got no response so far. The registry.centos.org/8 image has actually been updated two months ago so someone with access to that registry is active: $ podman pull registry.centos.org/centos:8 Trying to pull registry.centos.org/centos:8... Getting image source signatures Copying blob 7489b20503c1 [--------------------------------------] 0.0b / 0.0b Copying config 06883f3563 done Writing manifest to image destination Storing signatures 06883f356370555e47f0dc0f4fbc7141046a806be2930c250f0dc8196fa6e659 $ podman images registry.centos.org/centos:8 REPOSITORY TAG IMAGE ID CREATED SIZE registry.centos.org/centos 8 06883f356370 2 months ago 228 MB Wouldn't it be good to either include registry.centos.org in the official processes or decomission it altogether? What's further interesting is that registry.centos.org/centos:7 3fe89940ae92 was updated three years ago, but it's 7.6.1810, unlike docker.io/library/centos:7 5e35e350aded which is five months old, but is 7.7.1908. Having old versions around can lead to people unknowingly using old software with vulnerabilities. -- Jan Pazdziora Product Owner, Platform Security Readiness, Red Hat