> On Jun 15, 2016, at 7:53 AM, Jim Fulton <[email protected]> wrote:
>
> If you actually build programs as part of image building, then your
> image contains build tools, leading to image bloat and potentially
> security problems as the development tools provide a greater attack
> surface.

This isn’t strictly true; the layering in Docker works on a per RUN command basis, so if you compose a single command that installs the build tools, builds the thing, installs the thing, and uninstalls the build tools (and cleans up any cache), then that’s roughly equivalent to installing a single binary (except, of course, in the time it takes).

— Donald Stufft

_______________________________________________
Distutils-SIG maillist - [email protected]
https://mail.python.org/mailman/listinfo/distutils-sig
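
The layering point in the reply above, as an added example that is not part of the original thread: one Dockerfile with two build targets, the first splitting the steps across several RUN instructions and the second using the single RUN the reply describes. The base image `python:3-slim`, the `build-essential` package and the `PKG` build argument are assumptions; `example-native-package` is a hypothetical placeholder to override with `--build-arg PKG=...`.

```dockerfile
# Added example, not from the original thread.
# PKG is a hypothetical placeholder for a package that needs a C compiler
# at install time; override it with --build-arg PKG=<real package>.

# --- Target "layered": one RUN per step ------------------------------------
FROM python:3-slim AS layered
ARG PKG=example-native-package
# Layer 1: the compiler toolchain is written into this layer.
RUN apt-get update \
 && apt-get install -y --no-install-recommends build-essential
# Layer 2: build and install the package.
RUN pip install --no-cache-dir "$PKG"
# Layer 3: the purge removes the tools from the final filesystem view,
# but layer 1 is still stored and distributed as part of the image.
RUN apt-get purge -y --auto-remove build-essential \
 && rm -rf /var/lib/apt/lists/*

# --- Target "single": install, build, purge and clean in one RUN -----------
FROM python:3-slim AS single
ARG PKG=example-native-package
# Only the filesystem state at the end of this command is committed, so the
# toolchain and the apt cache never appear in any layer of the image.
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends build-essential; \
    pip install --no-cache-dir "$PKG"; \
    apt-get purge -y --auto-remove build-essential; \
    rm -rf /var/lib/apt/lists/*
```

Build each target with `docker build --target layered -t demo:layered .` and `docker build --target single -t demo:single .`, then compare the per-layer sizes reported by `docker history` for the two images.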
