orientechnologies / orientdb-docker

OrientDB running in a docker container
MIT License

New structure proposal for dockerfile starting with 3.0 #42

Closed 33Fraise33 closed 6 years ago

33Fraise33 commented 6 years ago

I added some more variables which should make it easier to upgrade to new versions.

MD5 & SHA1 hashes are downloaded with the package itself for the correct version. Also changed TP version to general community version, as a separate TP version seems more appropriate.

Due to these changes it should be possible to just change the version number in the dockerfile for future releases.

luigidellaquila commented 6 years ago

Hi @33Fraise33

Thank you very much, we were thinking of switching to the standard community by default and have a separate dockerfile for tp3, so it's definitely a 👍. I'll check it and merge asap.

Thanks again!

Luigi

luigidellaquila commented 6 years ago

Hi @33Fraise33

I did some research and I found out that we cannot calculate the MD5 and SHA1 this way, for a security reason. The checksums are needed only to make sure that, in case the repo from where you download the artifacts is somehow compromised (e.g. a hacker replaces the artifacts, or a DNS attack lets you point to a malicious repo), a manipulated artifact won't match the checksum. As you can understand, if you download the checksums from the same repo, all this does not apply anymore, so the only purpose of the checksum is completely missed.

I'm closing this PR, but I'm also setting the standard Community edition as a default, as it makes a lot more sense.

Thanks

Luigi

33Fraise33 commented 6 years ago

Hello,

Thanks for the explanation. Good to know. Thanks for changing to community edition!
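
The maintainer's objection above, as an added example that is not part of the PR or the project's Dockerfile: a checksum fetched from the same repo as the artifact still matches after both are replaced, while a digest pinned alongside the Dockerfile does not. The temporary directory standing in for the repo, the file name and the use of SHA-256 (rather than the MD5/SHA1 files the PR mentions) are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: a local temp directory stands in for the download repo.

digest() { sha256sum "$1" | cut -d' ' -f1; }

# Sidecar check: the expected digest comes from the same place as the artifact.
verify_sidecar() {   # $1 = artifact path (sidecar is "$1.sha256")
    [ "$(digest "$1")" = "$(cut -d' ' -f1 "$1.sha256")" ]
}

# Pinned check: the expected digest is a constant committed with the Dockerfile.
verify_pinned() {    # $1 = artifact path, $2 = pinned digest
    [ "$(digest "$1")" = "$2" ]
}

run_demo() {
    repo=$(mktemp -d) || return 1
    art="$repo/orientdb-community.tar.gz"    # hypothetical file name

    # Genuine release: the publisher uploads the artifact and its sidecar.
    printf 'genuine release bytes\n' > "$art"
    digest "$art" > "$art.sha256"
    pinned=$(digest "$art")    # recorded once, at review time, outside the repo

    # Compromised repo: whoever can replace the artifact can replace the sidecar.
    printf 'tampered bytes\n' > "$art"
    digest "$art" > "$art.sha256"

    if verify_sidecar "$art"; then sidecar=accepted; else sidecar=rejected; fi
    if verify_pinned "$art" "$pinned"; then pin=accepted; else pin=rejected; fi
    rm -rf "$repo"
    echo "sidecar=$sidecar pinned=$pin"
}

run_demo
```

The trade-off the PR was trying to avoid remains: with a pinned digest, each version bump has to update the digest in the Dockerfile together with the version number.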