emerkle826
commented
3 years ago This can be closed if #237 is merged instead.
Closed emerkle826 closed 3 years ago
emerkle826
commented
3 years ago This can be closed if #237 is merged instead.
yosifkit
commented
3 years ago Added 4.0.0 bump and updated keys based on similar bit in the httpd image: https://github.com/docker-library/httpd/blob/5ed28f3fa96f71ef4c702a50c37aad86cf703551/2.4/Dockerfile#L84
emerkle826
commented
3 years ago Would #237 not be a better solution to avoid having to add more keys in the future?
yosifkit
commented
3 years ago Would #237 not be a better solution to avoid having to add more keys in the future?
Yes and no. We embed the fingerprints explicitly in order to separate the processing of the fingerprint file and the using of the key for verification. Since the KEYS file can change at any point, downloading the KEYS file during build hides which keys could've been used for that build.
Closes #236