> And it uses docker compose v1, which isn't supported by upstream and receives no security updates since 2021.
Is there any actual security concern here? As far as I can tell, docker compose v1 has no outstanding CVEs, and has, in fact, never had any CVEs or needed/received any security updates.
I don't disagree and I usually don't like the security argument for tools like docker compose, that's why I highlighted the features and improvements to docker more than security itself :) .
It's just nice to have actual upstream bug fixes to an actually recent version instead of random backports and patches especially for a tool like docker. It's also nice to have the much improved tools of docker 20+.
Plus, you literally get everything that's nice from Debian too. It's like Debian but with a different package "profile". Debian is perfect for some use cases but Ubuntu is great for others.
FWIW docker.io in Debian is currently at 20.10.24.
This is a bit of a digression though, I don't actually have a problem with Ubuntu overall, I just found Debian to be better for my particular Docker-hosting needs.
Is there any actual security concern here? As far as I can tell, docker compose v1 has no outstanding CVEs, and has, in fact, never had any CVEs or needed/received any security updates.
Plus the Debian version has received some patches as recently as 2023: https://metadata.ftp-master.debian.org/changelogs//main/d/do...