cpanm defaults to downloading via http, so currently while there is a checksum for App::cpanminus there isn't a checksum or validation for the SSL modules installed.
Rather than just switching to HTTPS, explicitly download the modules and verify the checksums, so the Docker image is built with known versions and checksums.
This obviously has the downside that future releases will need to be tracked manually, but I think that's a desirable thing in some ways, as the build of this docker image then becomes more reproducible.
cpanm defaults to downloading via http, so currently while there is a checksum for App::cpanminus there isn't a checksum or validation for the SSL modules installed.
Rather than just switching to HTTPS, explicitly download the modules and verify the checksums, so the Docker image is built with known versions and checksums.
This obviously has the downside that future releases will need to be tracked manually, but I think that's a desirable thing in some ways, as the build of this docker image then becomes more reproducible.