Context: After evaluating the DockerHub Verified Publisher Program and receiving a mail with “it costs as little as $5k per year” I have come to the conclusion that it’s not worth it
I just want the dockerfile that generated the image.
It’s all proprietary drivel & should be avoided.
But how will people know your container is official besides all the hints on your website?
For large companies that serve many customers 5K per year is a drop in a bucket. If it provides their customers with a more secure experience, it is worth it.
To be fair, they are providing several services with it, along with the data hosting. Being verified also means you get boosted in search results, with comes with more downloads. So at least the cost can be somewhat justified. Whether it’s too much is valid for debate.
The fact that paid images get boosted in search results, instead of good images, is just bad IMO
This doesn’t justify the price for me, this justifies getting rid of this system
