Docker Image Insecurity

Docker users should be aware that the code responsible for downloading images is shockingly insecure. Users should only download images whose provenance is without question. At present, this does not include “trusted” images hosted by Docker, Inc., including the official Ubuntu and other base images.

Yikes. Docker users beware. Seems Docker needs to mature a bit more. This sounds pretty bad to me.