Thanks for all of the responses! So the image version number for HAProxy stays the same but the hash will update?
> On Mar 25, 2021, at 9:03 AM, Tim Düsterhus <t...@bastelstu.be> wrote: > > Paul, > > On 3/25/21 4:46 PM, Paul Lockaby wrote: >> As a lurker on this list I've always kind of wondered what the policy > is for releasing new containers to address security patches on > dependencies like this. I'm not sure who maintains the "official" > containers for HAProxy but would they do a re-release of the latest > versions to include a patch on a dependency like OpenSSL? >> > > The 'haproxy' image for Docker is maintained by the Docker Official > Images Team [1] [2]. They also handle the necessary rebuilds when the > base image changes. I maintain 2 images as part of the Official Images > program and also contribute to the HAProxy image via Pull Requests. I am > not part of the DOI Team, though. > > Independently from your email I already asked in their IRC whether the > 'debian' base image is going to be rebuilt due to the OpenSSL update. > This would then cause a rebuild of the 'haproxy' image. > > For the images that contain a username (e.g. timwolla/haproxy) the > authors are responsible to trigger a rebuild. > > Best regards > Tim Düsterhus > > [1] https://github.com/docker-library/haproxy/ > [2] https://github.com/docker-library/official-images/
