[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The spiped Docker image

To: Vijay Kumar <vijaychhipa@yahoo.com>, spiped@tarsnap.com
Subject: Re: The spiped Docker image
From: Tim Düsterhus <tim@bastelstu.be>
Date: Thu, 9 Apr 2020 22:33:12 +0200
Autocrypt: addr=tim@bastelstu.be; prefer-encrypt=mutual; keydata= mQGiBEp4RjERBADS2mpyB7QAFM2JbgCNMbhxOCCvwm4uakKOaL8Csjb3ZyEFxs4e6pxCikJX U3ZxByA5tPv5C6RnSdizx7D/5Xj1W+DsYGRj9cSj+TKaIeZgyFi8V1jGMd42cvn4X8YXnu5W DZFwClOdS+cN8EgnrW+5l/HK8OxixiSctD1dorzIQwCgnZX+oW7O+IErYRKWPGEd8DVh/kUD /RvL7qH/q0oPYVzQ+aLyQLoMd38bcMfeHK0Ays6z7yZWomngznRtfqxD6RNnRQbfytmlRIka 7MB+dkn+In3d6h5wAZFxLCHRk/Gn53+Ddxs9/Lb+kDlSHLQ23vZOBWiEpJ5++qOV9E5TOLhP W47D2cnHSyzQiFoif/q3Aiqj20diA/0Ss/fB1eOV6gNaMPbFfPMDvGslAe5x5qb0ZmlUSAKN xlqB2jDD3mXQqVP2Qxtjt6xOuCu0MzxPhBoGN6nyxkIgpPKWDDRGEcQfcZPJfq/nZ+Jyh+SV la3bLIRfDQ0+fuHQ4UeRdCmZ7738WWBel5iOhk6hvdOtMtwRN5T0qp7qoLQoVGltIETDvHN0 ZXJodXMgPHRpbXdvbGxhQGdvb2dsZW1haWwuY29tPohlBBMRAgAlAhsjBgsJCAcDAgYVCAIJ CgsEFgIDAQIeAQIXgAUCTJtYowIZAQAKCRBXjoZ92bSMeNh1AJ9WWlpzeAYbrebYxQ6e57MH R/GQ8gCeK9dSiK+Rjg1xD8dESdL46WIFVO25Ag0ESnhGMRAIAOh1hkQU+rfEdNp1Rc7rZ+Ts yCc2UF1/lN76ElVAHbAmymfIuUqUBNtwoGrTgnTFO2PwD6LJOj4B7m6hNCtf175nT03ibQ2R JZAG28Qz/xe5gY8F5gctCZ9u2j7iO/a9t54byKUauGWgSaW3pQQzmw12Y6Sp/uWmuDznDOum GTFgSEZlWhDtDqSNeolk5pBTUcwZwYDJRpqtsCkrlhgX4gBekd8MxitCe8QPfNNId52NpVfN +Nlz67HQwDEIvFGUTG0cJD7Gj/tESSbs1CKWiY0W3pElDp5tLMjiDpCUfx6rchUDW6/fStXY jTRi8UIy3TQEKpjmZM2OANePACS41hsAAwUIAMFR5eo1jTBH0E9T9wFSQ9PSow2EOp1d2ps3 hHqps37JhL7Vt45f1AeoUrDtOdfsVeCG+sx5Dp/0aeqZwmmUtTPc4GVvwngsN7Hy2jajkL8m zODOtKjMkZS3gNPhKoLYi77/h7uxSU6fUXJpHZU8V76xopFMNR/Jdz+GE1H0Vr6ATn3Z8ru4 IcC5rm09VxxBYWccm5Q8Hqx3yKG6sr4gkidnAfmCOsGsoNDk4J3QUtBHsuLkhVfktfqUvRPq c3ovBZqv7eMyvCyua2zKA+hC/nMLZLZERMgq6FXTAlLdPW3GxpEqYGkuSS3oO2zDBUVK2+cx 6sEMonVpE82AdirIYp+ISQQYEQIACQUCSnhGMQIbDAAKCRBXjoZ92bSMeIkYAJ9D83PUFmJN L3akxujHleQTfD4W0gCfU9AHzHHm11IiXbBDJr5+eyS9N365BK4ETimSexEMAK924914/ROk DrGKaGSarkA5uTpwfE7gpf7vc02bdoCaEafNwQiVKiPc6EQXhWrNcaE/X8qQ/Kw43HlB3W8e 3kv1nUCKNk1YC1sydz8EgFMnpR69c42XPfx9u8dxWrxG+8mB/NcB2nPU9+Qos36tEhRkQ4BS CP9gzJURphKOOwiRkc0b7Myl/KqvwWe1Un8bJvBrzm6O0ZC8TbcvJwfmjzTyit6oYj8Y+y06 Hxwo8BlatATotatNDRd6JkxJGJL26UW7RqjkOh/61MKOQ0h+1S9zSnWPADT9yZIevvbwLju7 kMpEG9lHiIeC7rSf6Nvx8096YwekOaT9aZSSI+dtf0516/UmhgPjystSx5mi8DENjcu00jvp IDGu9SQo3wp31ed20yL3o9PvX0TBrN44yYcq57Z1uxWIf5wol8s1fclCUkwY4+GuRHFrblm8 K/HFOr1Vcff/qcJCk2Gw06a0jvqteCQdLVSrB+ban8MrsRviTyrzqmVfPvkRQLeV/iKS6wEA paDhqmMeW2EwuzQSYDn4kWh+sDlx9QhKCdH1DUYM99UL/0fJ54i75/a0j6cDA5ZASU4/yY2Z RZGSWMFeZRnYe//4+Jhv68nG09SYCqhm9QX2sfLysox/o7qpJH+y8K2gcvsqKftOuIi3vyhq 2Fwftrcch3zR5y46q7/uukkIZO8ByO/0psJofaC3AiAw5PSRZ70DQpUTlqqcOuWKBQppUpgw VsbD4hyupVPzS34AU76PvlaJk+QcVHTvtIfbP135NQ0/qMQUXwQ3Vz+WoXy6MrqJCF6VPdpU vGrUPfLNYS+b5lUdan/PZ8q9J4P+S0uHQu/3vsu4oXo9t7sJ1v5alX73nrkcucNtrwVHM/6Z alGlADGYQgWGZvzi6oxdVsKli40GfxVDoY4v/rd6rlEHR+1yANN7lIgcviqOB0YbsYTikOXt lx8uTqtqlKoAtHu/mLkdp1mK9MUXbFkytw4o/n3YXqsNyFjZMK+F3dChM6dFfMVbYAYOrKHw 2SAJIMQU5FfCbVibANRag7AyF4nWDe9o2I+yi1V+4OdfHqNePb0QUAwAjIdIoy/nZTj14L6H ulr+UprFP9IoS0O6mrPGa47ZtU7eLjIdXx87CBARJgBxWRnIYjwxR+/PLAEFOKZGOT4juj5y cPsbUjS0eN5m6QwAxveF0srd8QBl9qrO4EudP0HqmoBhrNQMnO5oeAOaxsPo5HvnqIdKIjQv /ZCgHUa0zwGXhILpJJWOIFUjFr1gcPuvr0OskX/ZnZFHWQ84wDJ8z80CQS8eKrbsyq/obCfl aau+QfnWnsyiDlBqipusXC5tGDlb5kyXiTviLZMToFIWeiCrjL3V2R2Tg4wr0PFGmPdfvxqm w6+gaRimvEmvvJ2sWoLKJu6IpeMFE20O/FL8+DJXkL3RDioa1iKlpdyiD1orLR9jXap63Mbw MuiB/K4965zIf/GiISfswW1xW3ukWIhJfqmF2fql3SH0vQSBIVJRvSW0efhG7H/YjGfXqDKC a0wacg0elqvX9VwWcP9MoHa6UeV/nsZuqnBAGyak3g7uE7xT5IWJVJNKRRpthPA0iKkEGBEC AAkFAk4pknsCGwIAagkQV46Gfdm0jHhfIAQZEQgABgUCTimSewAKCRCfzyiD8J4kg5dxAQCc /YwBdt00ztF23uumyi2mYzrTR8LVHKfR1POT+dxuxQD+ML6hTOX0NqPWW9mQU2b8pd9UYtxq +0XTavRGokSngWMiZQCfWmbOga1DIM2h4pbhmXQOoh2EY2MAn039/2PdmFfmzaie6Lr/BwGg knDOuQQNBE4pkrkQEADj/6KAobLzjBxlT7/UNksWkADYg9Ir0bPyIEhD3ce9Bymmy//qEh61 DV1TAg7TieB70f8/sAa951sg7Uystkcmxvyfp/LCL4K4m4avhHrCPfzvjNJUkoZuaYQUqOya jzR8lxaRH5yWd40ZjV2yz07oDe48UkMGVpx8mad75HrmUc6rok5X0JuONkP43C+avCe7y/JS fvD/nOX2yQMUm+l4jNQKj3u62smaE1TXFUwMutO8OIjMEwVO+/whpKq2FV0TE0Bo+ilVVe6h xJ3aW3w4XFMa9wn5IdO5C2j32hQ9k1b3HBjAS1/Thv8fCxyRKLyknvLsO6YEf2aq4t7Yl4yP 4q9uDzijb+tM1e+Mg6qQtp+VChbS5pG2UenexUjyXH3ZjniZX9vvsIEoF14+e+l5bjI2vql4 fKIm9/Joh/hsXcvkiKL++r5+0vbAhG931MMK93RJtyIYwjO73Q7ierMtoX/hjYauNaKMh9FK LtyB7k0SG6crCp/M9+ooT/VkCyVVpA5VsTnYnCKf5Y6d4HsDp6sMzOiCCwCwJB5va/kE4xYV kBDoSxs6XtIEBGsIESXqg92kLB/gc/tTQMOVfYYSdHuwNwV2ItIjnH/T8IYK4UFEEdpCKRhG ebi0meH7in+8x+Z9M4MpQ3PRB/fVlpmh1Z0rmSdScPWdZq8tXFygKwADBRAAqjYGt7t1+Too pbdD/ETboF6Nnb9nQ8DNAVOwzd6mOBfqLRUgm+VTSrQ63pfOGZAYoIY1Of2I+xG0/ORMFpBb VlcL8rbbZEgYlCi33givCuDIXyf/H63m0IKYmXyl6QqzuywJlmrvrwE1UN0N50nYc6Uvmpyl uMoSuD/Q3OW5VSUvZaknwWIhtTn2NdELW3YPN7+w9PJk8j9IzJU688gpq1Pj5yemdNEhdlj1 3CSeI7p5Eqb+ecllku5hUWpF3q6TT7+Hipy9291IXabC/idg44RImwJA6BCiGzW9in/4EgZ6 LsdIX8AObOiisLAg18vjM+0aFhjvnvighyg5D+V+cWX4TbW8/jdAjtbgA8lI2v27tLx2O7PM cBJWHZgqVvZMYgb9R3wJD7um9i3lNnB2IZkdRXm4f7d++tdHPRGaf9fJEzbioDR/XC5mrNhj NyxVdkHe0jGIubyiZm+Bk1u48sulB90nciIxnIZHIhEK+yvsN/kZO4FjW4TW3jg6j6J1CZKs zEJaMAbqmzFz8axAXLmKJ5BB1BGPTFlJiY8kqeKGver40AKWgbDbJGoFAiW8TI/WUYjmclsg xSEIfweiYfv9McPU8Q9LIr34Fy0MjNpxbGbgbNkzwcEMLG8Vi3TR5pxwdSewSt+SjyRJdauF biUvdeKlVu9NJ8q8vrk1A+2ISQQYEQIACQUCTimSuQIbDAAKCRBXjoZ92bSMeAJaAJ9FPFig eO+ECi9ospMU+Bgib+6sdwCfW+JcQNcwH+1TmKlFaXiqXZXMElQ=
In-reply-to: <789113178.3327537.1586461081299@mail.yahoo.com>
Openpgp: preference=signencrypt
References: <789113178.3327537.1586461081299.ref@mail.yahoo.com> <789113178.3327537.1586461081299@mail.yahoo.com>

Vijay,

Am 09.04.20 um 21:38 schrieb Vijay Kumar via spiped:
> Is the https://hub.docker.com/_/spiped   ; a legitimate Docker image of this spiped project?I didn't see any mention of this Docker image on the https://www.tarsnap.com/index.html    ; website. 
> 

I am the maintainer of that Docker Image (and also other official Docker
Images). Colin is not directly involved within the creation of the
Docker Image, but he acknowledged the inclusion of the spiped Image
within the Docker Official Images program back when I proposed it:

https://github.com/docker-library/official-images/pull/1714#issuecomment-219556607

The Docker Image you linked being a Docker Official Image means that the
following security implications apply:

- You must trust Docker Hub to not be compromised / serve you an
unmodified Docker Image.
- You must trust the maintainers of the Docker Official Image program to
upload a Docker Image matching the Dockerfile referenced by the manifest
within the docker-library/official-images repository:
https://github.com/docker-library/official-images/blob/master/library/spiped

This is true for every Docker Image within the Docker Official Images
program.

You do not need to trust me, because you can verify the the contents of
the Dockerfile using the commits referenced in the manifest.

Best regards
Tim Düsterhus

References:
- The spiped Docker image
  - From: "Vijay Kumar via spiped" <spiped@tarsnap.com>

Prev by Date: The spiped Docker image
Next by Date: Incomplete DMARC mangling on the list (was: Re: The spiped Docker image)
Previous by thread: The spiped Docker image
Next by thread: Incomplete DMARC mangling on the list (was: Re: The spiped Docker image)
Index(es):
- Date
- Thread