Hi,
I was reviewing the FRSCA platform components and noticed that the Gitea sub-chart (platform/vendor/gitea/chart/values.yaml and its documentation) relies on the bitnamilegacy/postgresql-repmgr Docker image.
The Problem
As a project governed by the OpenSSF aiming to secure the software supply chain, relying on the bitnamilegacy namespace introduces a significant security anti-pattern. As the name implies, the bitnamilegacy repository contains deprecated images that are no longer actively maintained or receiving critical CVE security patches. Furthermore, reliance on legacy Bitnami artifacts often leads to stability issues and broken deployments (e.g., pull access denied) for users provisioning the FRSCA environment.
Proposed Solution
I suggest switching to soldevelo/postgresql-repmgr.
This image is an actively maintained, free, and open-source drop-in replacement.
Crucially:
- It ensures your stack is running on an actively patched foundation, aligning with FRSCA's security-first mission.
- It preserves the exact same Bitnami directory structure, environment variables (repmgrPassword), and replication logic.
- Your existing Helm values will continue to work immediately without requiring template rewrites.
(Note: SolDevelo maintains a library of open-source, Bitnami-compatible images to help the OSS community move away from deprecated or paywalled artifacts. You can find the source code here: https://github.com/SolDevelo/containers)
Suggested Changes in platform/vendor/gitea/chart/values.yaml:
```yaml
# Old
postgresql-ha:
  postgresql:
    image:
      repository: bitnamilegacy/postgresql-repmgr

# New
postgresql-ha:
  postgresql:
    image:
      repository: soldevelo/postgresql-repmgr
```
I can submit a Pull Request to update the image references across the vendor charts and documentation to ensure FRSCA's baseline dependencies remain secure and reliable. Would you be open to that?
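As an added example (not part of the issue or of the FRSCA project's own tooling), here is a small checker that walks a Helm values file by indentation, collects every `repository:` key with its dotted path, and flags images pulled from a deprecated namespace such as bitnamilegacy; the embedded values fragment is constructed to mirror the shape of the Gitea sub-chart values, not copied from the real file.

```python
"""Flag container image references in deprecated namespaces inside Helm values files."""
import re
from typing import Dict, List, Tuple

# Namespaces treated as unmaintained; extend as needed (assumption, based on the issue).
DEPRECATED_NAMESPACES = {"bitnamilegacy"}

# Constructed sample shaped like platform/vendor/gitea/chart/values.yaml (not the real file).
SAMPLE_VALUES = """\
postgresql-ha:
  postgresql:
    image:
      repository: bitnamilegacy/postgresql-repmgr
  pgpool:
    image:
      repository: soldevelo/pgpool
"""

# Matches "key:" or "key: value" lines; group 1 is the leading indentation.
KEY_RE = re.compile(r"^(\s*)([A-Za-z0-9_.-]+):\s*(.*?)\s*$")


def image_repositories(values_text: str) -> Dict[str, str]:
    """Return {dotted.key.path: repository} for every `repository:` key, using indentation as nesting."""
    stack: List[Tuple[int, str]] = []  # (indent, key) for the current nesting chain
    found: Dict[str, str] = {}
    for line in values_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        m = KEY_RE.match(line)
        if not m:
            continue  # list items and scalars without a key are not mapping keys
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # dedent: close keys at the same or deeper level
        stack.append((indent, key))
        if key == "repository" and value:
            found[".".join(k for _, k in stack)] = value
    return found


def deprecated_images(values_text: str) -> Dict[str, str]:
    """Subset of image_repositories() whose registry namespace is in DEPRECATED_NAMESPACES."""
    return {path: repo for path, repo in image_repositories(values_text).items()
            if repo.split("/")[0] in DEPRECATED_NAMESPACES}


if __name__ == "__main__":
    for path, repo in deprecated_images(SAMPLE_VALUES).items():
        print(f"{path}: {repo} is pulled from a deprecated namespace")
```

Running it over each vendor chart's values file before and after the proposed change gives a quick way to confirm no bitnamilegacy references remain.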