DI-UMONS : Dépôt institutionnel de l’université de Mons

Recherche transversale
(titres de publication, de périodique et noms de colloque inclus)
2021-02-01 - Article/Dans un journal avec peer-review - Anglais - page(s)

Zerouali Ahmed , Mens Tom , Decan Alexandre , Gonzalez-Barahona Jesus, Robles Gregorio, "A multi-dimensional analysis of technical lag in Debian-based Docker images" in Empirical Software Engineering

  • Edition : Kluwer Academic Publishers (Netherlands)
  • Codes CREF : Informatique appliquée logiciel (DI2570), Informatique générale (DI1162), Analyse de systèmes informatiques (DI2572)
  • Unités de recherche UMONS : Génie Logiciel (S852)
  • Instituts UMONS : Institut de Recherche en Technologies de l’Information et Sciences de l’Informatique (InforTech)
Texte intégral :

Abstract(s) :

(Anglais) Container-based solutions, such as Docker, have become increasingly relevant in the software industry to facilitate deploying and maintaining software systems. Little is known, however, about how outdated such containers are at the moment of their release or when used in production. This article addresses this question, by measuring and comparing five different dimensions of technical lag that Docker container images can face: package lag, time lag, version lag, vulnerability lag, and bug lag. We instantiate the formal technical lag framework from previous work to operationalise these different dimensions of lag on Docker Hub images based on the Debian Linux distribution. We carry out a large-scale empirical study of such technical lag, over a three-year period, in 140, 498 Debian images. We compare the differences between official and community images, as well as between images with different Debian distributions: OldStable, Stable or Testing. The analysis shows that the different dimensions of technical lag are complementary, providing multiple insights. Official Debian images consistently have a lower lag than community images for all considered lag dimensions. The amount of lag incurred depends on the type of Debian distribution and the considered lag dimension. Our research offers empirical evidence that developers and deployers of Docker images can benefit from identifying to which extent their containers are outdated according to the considered dimensions, and mitigate the risks related to such outdatedness.

Identifiants :
  • DOI : 10.1007/s10664-020-09908-6

Mots-clés :
  • (Anglais) software distribution
  • (Anglais) software evolution
  • (Anglais) technical lag
  • (Anglais) container
  • (Anglais) Docker