Happy new year 🥂, sorry to rip up in the discussions provided here and in the gosu repository:

#1292
#1282
#1297

While I completely respect and understand the stance of gosu author that vulnerability scanners are naïve and show false positive, I think that much time is wasted by postgres consumers understanding all the details and even move time is spent explaining that the critical issues in postgresql images are false positives.

Therefore this (another thread) on the subject. However the question I would like to ask here is

• Do you know of a replacement for gosu which can be used and give postresql project the same functionality?

the alternative MUST be actively maintained, in the way that all security issues are actively addressed in a way that even naïve vulnerabiltity scanners understand (at least docker scout and trivy)

Please let's focus this discussion on alternatives togosu in this image.For comments that mention to fix gosu itself, make those comments in the gosu project.