8:54 my experience with pinning apt-get / yum is the source repos may lose their older versions. So one way I mitigated it was to make a yum/apt-get proxy using Sonatype nexus

26:24 the two hardest part to avoid ssh into server are (a) deployment and (b) logs. Things need to be retrofitted to pool the logs by adding things like filebeats etc. And remote deployment requires some way of connecting to it either through a TLS daemon port which is a complex setup when you're starting and you're trying to automate the infrastructure setup.

I would say, start with alpine/slim whatever, if you run into problems, then switch to the base version. Also, dont fret too much about the image CVE. All you need to do is bump the version of your image to use the latest image. That fixes the problem.

7:30 what's the app that does that highlight thingy?

Great talk

Are we the baddies?

what is cve?

This talk didn't date well.