i.e. We covered this across several articles like this one about tags: https://sysdig.com/blog/toctou-tag-mutability/
This other one about file integrity monitoring (Disclaimer: A rather commercial one) https://sysdig.com/blog/file-integrity-monitoring/
And I recall others more explicit on the read-only part, but I’m away from my laptop now. Edit: Found it (point 1.3 in https://sysdig.com/blog/dockerfile-best-practices/ )
Thanks for pointing it out. Definitely it should be more explicit.