Closed emerkle826 closed 3 years ago
This can be closed if #237 is merged instead.
Added 4.0.0 bump and updated keys based on similar bit in the httpd image: https://github.com/docker-library/httpd/blob/5ed28f3fa96f71ef4c702a50c37aad86cf703551/2.4/Dockerfile#L84
Would #237 not be a better solution to avoid having to add more keys in the future?
Would #237 not be a better solution to avoid having to add more keys in the future?
Yes and no. We embed the fingerprints explicitly in order to separate the processing of the fingerprint file and the using of the key for verification. Since the KEYS
file can change at any point, downloading the KEYS
file during build hides which keys could've been used for that build.
Closes #236