[Distutils] Docker, development, buildout, virtualenv, local/global install
Donald Stufft
donald at stufft.io
Wed Jun 15 07:57:38 EDT 2016
> On Jun 15, 2016, at 7:53 AM, Jim Fulton <jim at jimfulton.info> wrote:
>
> If you actually build programs as part of image building, then your
> image contains build tools, leading to image bloat and potentially
> security problems as the development tools provide a greater attack
> surface.
This isn’t strictly true, the layering in Docker works on a per RUN command basis, so if you compose a single command that installs the build tools, builds the thing, installs the thing, and uninstalls the build tools (and cleans up any cache), then that’s roughly equivalent to installing a single binary (except of course, in the time it takes).
—
Donald Stufft
More information about the Distutils-SIG
mailing list