
What is the official image and the official latest release? #3509

Open
@mrsarm


Most people intending to use this project will do so using a pre-built Docker image, but what is the official image? There is no link in the README. Also, this project has marked as its latest release a version from the year 2017, and the tags... I don't know what those tags mean; they don't look to match the real versions released.

In the official documentation here https://developers.bitgo.com/guides/get-started/express/install#install-with-docker 2 different images are used, from 2 different Docker Hub accounts: in points 1. and 2. the image used is bitgo/express, while in point 4. the image is bitgosdk/express. Both accounts have different sets of versions, so... what is the official image? One seems to point to the other:

Screenshot from 2023-04-26 15-08-44

But with such a large README below, it is easy to not see it. Moreover, the one that may be the "official" account looks like it was created by a kid testing what Docker Hub is: no README, and a few pulls compared with the old one:

Screenshot from 2023-04-26 14-57-37

This is a security issue: one may think that having the "latest" image is secure enough, but it is not, because you are using an unmaintained image, or even worse, one can use a fake image found in the registry, because there is no clarity about what the official image is and what the latest release is.

In short, what I think you should do is:

  • Fix the documentation: only one is the official account, although a mention that there was an old account and that you should move to the new one would be useful.
  • Add to the README of this project a link to the official Docker images.
  • Move the large README from the old Docker Hub account to the new account. In the old one, put in big letters that the account is deprecated and that you should move to the new one.
  • Use the "Release" and "Tags" sections of GitHub properly, or don't use them at all.
