From cdd8a9b974f2e505ced7d76eb6a417d671225618 Mon Sep 17 00:00:00 2001 From: Wonderfall Date: Fri, 16 Apr 2021 01:31:39 +0200 Subject: [PATCH] announce depreciation --- README.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ae3c0a9..2e930b1 100644 --- a/README.md +++ b/README.md 
@@ -2,14 +2,22 @@ A GNU Social-compatible microblogging server : https://github.com/tootsuite/mastodon -Note (Apr. 2021): currently Mastodon "stable" can't be built beacause of some [yanked packages](https://github.com/tootsuite/mastodon/issues/15986). Not only that, but the streaming component refuses to work correctly with node v14. This is fixed in main. +___ + +⚠️**DEPRECIATED**: don't worry, I'll keep maintaing it for a while. This image was made years ago and needs some rework: +- For instance it uses `su-exec` to degrade privileges, which is fine as an attempt to get a *rootless running* image, but more secure ways to make sure *root* is never used should be preferred. +- As a consequence to that, a newer image should drop all the `chown` instructions at startup time: no more seconds of waiting, even minutes if you're using overlayfs as the storage driver (which is Docker's default). This was fine for flexibility, but users should really learn how to manage the permissions of their volumes. +- It's a pain to maintain, since Mastodon is a very bloated software full of features but also full of dependencies. The streaming server wasn't properly working on 3.3.0 due to an incompatible node.js version. + +As I said, I'll keep "maintaing" it for now (I always though of my images as being bases for you own images, really don't run Docker images from random dudes like me from the Internet), but I'll eventually make a brand new image sometime soon. Meaning, you should be prepared to maintain or make your own image, or use the "official one" *(which I'm not a fan of)*. Above all, take care and take security seriously. + +___ + +**Note (Apr. 2021)**: currently Mastodon "stable" can't be built beacause of some [yanked packages](https://github.com/tootsuite/mastodon/issues/15986). Not only that, but the streaming component refuses to work correctly with node v14. This is fixed in main. #### Why this image? This image is not the official one. 
The main difference you can notice is that all processes (web, streaming, sidekiq) are running in a single container, thanks to s6 (a supervision suite). Therefore it's easier to deploy, but not recommended for scaling. -#### Security -As many images from the time it was first made, this image follows the principle of degrading privileges. It runs first as root to ensure permissions are set correctly and then only makes use of the UID/GID of your choice. While I agree it's not perfect (due to Linux insecurity), it seemed the best security/comfort balance at the time and it'll remain so for a while. - #### Features - Based on Alpine Linux. - As lightweight as possible.
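Review bot: The removal of the `#### Security` section at the end of the hunk drops the only description of how the image handles privileges today (starts as root to set permissions, then uses the UID/GID of your choice), while the added notice says the image will keep being maintained for a while with that same `su-exec` and startup `chown` behaviour. Suggest keeping those two sentences, or folding them into the deprecation notice, until the replacement image exists, so current users can still see what runs as root and when. The notice also says "more secure ways to make sure *root* is never used should be preferred" and that users "should really learn how to manage the permissions of their volumes" without saying what to do; one concrete sentence or a link would make the warning actionable. Spelling in the added lines: "DEPRECIATED" should be "DEPRECATED" (likewise "depreciation" in the subject), and "maintaing", "always though of", "for you own images" and the carried-over "beacause" need fixing.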