[Secure-testing-team] Bug#746394: Please consider shipping pre-built images in Debian packages
Didier Raboud
odyx at debian.org
Tue Apr 29 16:38:34 UTC 2014
Package: docker.io
Version: 0.9.1~dfsg1-2
Severity: wishlist
Hi dear docker.io maintainers,
please consider shipping Debian docker.io pre-built images in proper Debian
packages. Having "stable" pre-built images in Debian packages ensures a trust
link within the distribution. I'm not happy with the increasing incentive to
download distribution images across untrusted links (although index.docker.io
at least runs over HTTPS).
One possibility would be to build docker.io images similarly to what is done
for debian-installer-netboot-images: download packages in a trusted way and
make sure they get listed in the Built-Using field; then of course make sure
they get (bin)NMUed at each stable release update.
Opinions?
Cheers,
OdyX
More information about the Secure-testing-team
mailing list