{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2018:VSCYIV525AQEIWQMRS2VV4UUDU","short_pith_number":"pith:VSCYIV52","canonical_record":{"source":{"id":"1811.12874","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2018-11-30T16:24:04Z","cross_cats_sorted":["cs.PL"],"title_canon_sha256":"f654d76c24472564ac5f877039b96e92216371baba24794d9e9009b2c2d912ec","abstract_canon_sha256":"172190d3e07f9805fbe3fa2798fafa4d0ddf64aa53124d874ca590009168eae8"},"schema_version":"1.0"},"canonical_sha256":"ac858457bae820445a0c8cb55af2941d14d0b85e0f431db96b69cb9f432e112f","source":{"kind":"arxiv","id":"1811.12874","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1811.12874","created_at":"2026-05-17T23:52:39Z"},{"alias_kind":"arxiv_version","alias_value":"1811.12874v1","created_at":"2026-05-17T23:52:39Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1811.12874","created_at":"2026-05-17T23:52:39Z"},{"alias_kind":"pith_short_12","alias_value":"VSCYIV525AQE","created_at":"2026-05-18T12:32:59Z"},{"alias_kind":"pith_short_16","alias_value":"VSCYIV525AQEIWQM","created_at":"2026-05-18T12:32:59Z"},{"alias_kind":"pith_short_8","alias_value":"VSCYIV52","created_at":"2026-05-18T12:32:59Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2018:VSCYIV525AQEIWQMRS2VV4UUDU","target":"record","payload":{"canonical_record":{"source":{"id":"1811.12874","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2018-11-30T16:24:04Z","cross_cats_sorted":["cs.PL"],"title_canon_sha256":"f654d76c24472564ac5f877039b96e92216371baba24794d9e9009b2c2d912ec","abstract_canon_sha256":"172190d3e07f9805fbe3fa2798fafa4d0ddf64aa53124d874ca590009168eae8"},"schema_version":"1.0"},"canonical_sha256":"ac858457bae820445a0c8cb55af2941d14d0b85e0f431db96b69cb9f432e112f","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:52:39.487362Z","signature_b64":"kOVn/OIajyw1THBsipz753IStGSyo0Ny7DUx5p9pFCvZDrmybxZowezfHoaoOiBLTCdIy8SS2olLLtLM5tt/BQ==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"ac858457bae820445a0c8cb55af2941d14d0b85e0f431db96b69cb9f432e112f","last_reissued_at":"2026-05-17T23:52:39.486639Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:52:39.486639Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1811.12874","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:52:39Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"jOuer67D5FbRHj9YtAj+ImpJYiSAxAcRb+QxILZzYNUTF0TYtQVAdZ1ZvOelWXscEczMpf2V4CyfYpihrdm9CA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-20T12:42:13.525619Z"},"content_sha256":"fabefcd63939e91d67cf50f978be976a577593d4ae03517a8965ad4b30f8e569","schema_version":"1.0","event_id":"sha256:fabefcd63939e91d67cf50f978be976a577593d4ae03517a8965ad4b30f8e569"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2018:VSCYIV525AQEIWQMRS2VV4UUDU","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"On The Relation Between Outdated Docker Containers, Severity Vulnerabilities and Bugs","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.PL"],"primary_cat":"cs.SE","authors_text":"Ahmed Zerouali, Gregorio Robles, Jesus Gonzalez-Barahona, Tom Mens","submitted_at":"2018-11-30T16:24:04Z","abstract_excerpt":"Packaging software into containers is becoming a common practice when deploying services in cloud and other environments. Docker images are one of the most popular container technologies for building and deploying containers. A container image usually includes a collection of software packages, that can have bugs and security vulnerabilities that affect the container health. Our goal is to support container deployers by analysing the relation between outdated containers and vulnerable and buggy packages installed in them. We use the concept of technical lag of a container as the difference bet"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1811.12874","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:52:39Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"nPRdaC7y15Df4W4mEkqeMLS4sUZLyIo14Kg9p7zANjUWjkQ+zW0/ii9iHjnJ68ikBCx5isablhc2bDVEORNABg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-20T12:42:13.525968Z"},"content_sha256":"1af5ceda386f877b19302fba959e3843eeb0356b87a26486c67baadde2b03d95","schema_version":"1.0","event_id":"sha256:1af5ceda386f877b19302fba959e3843eeb0356b87a26486c67baadde2b03d95"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/VSCYIV525AQEIWQMRS2VV4UUDU/bundle.json","state_url":"https://pith.science/pith/VSCYIV525AQEIWQMRS2VV4UUDU/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/VSCYIV525AQEIWQMRS2VV4UUDU/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-20T12:42:13Z","links":{"resolver":"https://pith.science/pith/VSCYIV525AQEIWQMRS2VV4UUDU","bundle":"https://pith.science/pith/VSCYIV525AQEIWQMRS2VV4UUDU/bundle.json","state":"https://pith.science/pith/VSCYIV525AQEIWQMRS2VV4UUDU/state.json","well_known_bundle":"https://pith.science/.well-known/pith/VSCYIV525AQEIWQMRS2VV4UUDU/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2018:VSCYIV525AQEIWQMRS2VV4UUDU","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"172190d3e07f9805fbe3fa2798fafa4d0ddf64aa53124d874ca590009168eae8","cross_cats_sorted":["cs.PL"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2018-11-30T16:24:04Z","title_canon_sha256":"f654d76c24472564ac5f877039b96e92216371baba24794d9e9009b2c2d912ec"},"schema_version":"1.0","source":{"id":"1811.12874","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1811.12874","created_at":"2026-05-17T23:52:39Z"},{"alias_kind":"arxiv_version","alias_value":"1811.12874v1","created_at":"2026-05-17T23:52:39Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1811.12874","created_at":"2026-05-17T23:52:39Z"},{"alias_kind":"pith_short_12","alias_value":"VSCYIV525AQE","created_at":"2026-05-18T12:32:59Z"},{"alias_kind":"pith_short_16","alias_value":"VSCYIV525AQEIWQM","created_at":"2026-05-18T12:32:59Z"},{"alias_kind":"pith_short_8","alias_value":"VSCYIV52","created_at":"2026-05-18T12:32:59Z"}],"graph_snapshots":[{"event_id":"sha256:1af5ceda386f877b19302fba959e3843eeb0356b87a26486c67baadde2b03d95","target":"graph","created_at":"2026-05-17T23:52:39Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Packaging software into containers is becoming a common practice when deploying services in cloud and other environments. Docker images are one of the most popular container technologies for building and deploying containers. A container image usually includes a collection of software packages, that can have bugs and security vulnerabilities that affect the container health. Our goal is to support container deployers by analysing the relation between outdated containers and vulnerable and buggy packages installed in them. We use the concept of technical lag of a container as the difference bet","authors_text":"Ahmed Zerouali, Gregorio Robles, Jesus Gonzalez-Barahona, Tom Mens","cross_cats":["cs.PL"],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2018-11-30T16:24:04Z","title":"On The Relation Between Outdated Docker Containers, Severity Vulnerabilities and Bugs"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1811.12874","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:fabefcd63939e91d67cf50f978be976a577593d4ae03517a8965ad4b30f8e569","target":"record","created_at":"2026-05-17T23:52:39Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"172190d3e07f9805fbe3fa2798fafa4d0ddf64aa53124d874ca590009168eae8","cross_cats_sorted":["cs.PL"],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.SE","submitted_at":"2018-11-30T16:24:04Z","title_canon_sha256":"f654d76c24472564ac5f877039b96e92216371baba24794d9e9009b2c2d912ec"},"schema_version":"1.0","source":{"id":"1811.12874","kind":"arxiv","version":1}},"canonical_sha256":"ac858457bae820445a0c8cb55af2941d14d0b85e0f431db96b69cb9f432e112f","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"ac858457bae820445a0c8cb55af2941d14d0b85e0f431db96b69cb9f432e112f","first_computed_at":"2026-05-17T23:52:39.486639Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:52:39.486639Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"kOVn/OIajyw1THBsipz753IStGSyo0Ny7DUx5p9pFCvZDrmybxZowezfHoaoOiBLTCdIy8SS2olLLtLM5tt/BQ==","signature_status":"signed_v1","signed_at":"2026-05-17T23:52:39.487362Z","signed_message":"canonical_sha256_bytes"},"source_id":"1811.12874","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:fabefcd63939e91d67cf50f978be976a577593d4ae03517a8965ad4b30f8e569","sha256:1af5ceda386f877b19302fba959e3843eeb0356b87a26486c67baadde2b03d95"],"state_sha256":"7c3b305cd792d389a2e11189a275f70800aea5e9f1fc6c9bc8b7b7fcdebf041a"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"GDBQ3lX2nA5tnlzPuuiw6QDugQyqGxzIZxf7/0i/xyhV0uEgFg3EVqsvUNKg+3Tmif08qMgEOLlOqOUKPsArBQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-20T12:42:13.528006Z","bundle_sha256":"f3b39b3fcb5b3627defc864f3d5325604cdf9bd05abc44a899d95ae1e5285123"}}