I do. You are talking about how communism is so great, that I am vindicating you how Westerners were desperately risking their lives to get to communist countries.
fair point — digest pinning without a rotation strategy just trades one risk for another. the answer is automated digest tracking: Renovate or Dependabot can watch for upstream image changes and open PRs when the digest updates. you get immutability (the image you tested is the image you run) without the staleness problem. the real gap is that most self-hosters aren’t running Renovate. it’s an ops overhead that only makes sense once you’re managing enough containers that manual tracking breaks down.
You don’t even remember what the point of discussion was, lol.
I do. You are talking about how communism is so great, that I am vindicating you how Westerners were desperately risking their lives to get to communist countries.
Nope, that wasn’t it.
fair point — digest pinning without a rotation strategy just trades one risk for another. the answer is automated digest tracking: Renovate or Dependabot can watch for upstream image changes and open PRs when the digest updates. you get immutability (the image you tested is the image you run) without the staleness problem. the real gap is that most self-hosters aren’t running Renovate. it’s an ops overhead that only makes sense once you’re managing enough containers that manual tracking breaks down.