Hello, Thank you for the reply. Just making sure that I understand correctly: when you say "excludes container image runtime", it means that none of the following scenarios are covered:
Lets say that I'm running a CentOS based docker image on AppEngine Flex. 1) A security bug is discovered in nginx. There is an update available in the repositories. However my instances are not patched until I rebuild/redeploy my images (and I have to be careful to rebuild them in such a away that Docker doesn't re-use a cached intermediary image which would result in the package update step being skipped) 2) Let's say that I'm running Java 9 inside my flex instance, using the OpenJDK build. A new version of the build is released fixing a security bug. I won't get it, until I manually update my Dockerfile presumably and redeploy 3) My webservice is written in Haskell, which gets compiled down to a native executable statically linking zlib. Zlib has a vulnerability and there is a new version. My webservice won't have that update until I rebuild / redeploy it. Is my understanding correct that in all of the above scenarios the onerous task of keeping the different libraries / runtimes updated falls on me? I do realize that supporting (2) and (3) is somewhat of a pipedream (since there are an almost infinite amount of possible configurations) and even (1) can be very complicated since there are a lot of linux distributions out there, but please do realize that one important reason for choosing Google Appengine is that I don't have time to be ops! Thank you. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/b4da105e-a6a9-49bd-ac9e-67693a49e779%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.