This makes me wonder, why there has not been a bigger push towards microkernel/m... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

5d749d7da7d5 on Oct 14, 2020 | parent | context | favorite | on: Dockerfile Security Best Practices

This makes me wonder, why there has not been a bigger push towards microkernel/minimal OS with audited toolchains that were "done". Minimal features and minimal surface area. A plug and play distribution with security at the forefront which rarely needed updating because only the essential was available.

I would be fine taking a healthy performance hit if I knew that the base OS was secure. (At this point I expect the BSD folks to chime in that they have had this for years)

piaste on Oct 15, 2020 [–]

Isn't that (one of) the design goals of CoreOS, Alpine, Clear Linux, etc.?

theptip on Oct 15, 2020 | [–]

Further in that direction, https://github.com/GoogleContainerTools/distroless — stripping out as much of the OS code as possible.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact