[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The spiped Docker image


Am 09.04.20 um 21:38 schrieb Vijay Kumar via spiped:
> Is the https://hub.docker.com/_/spiped   ; a legitimate Docker image of this spiped project?I didn't see any mention of this Docker image on the https://www.tarsnap.com/index.html    ; website. 

I am the maintainer of that Docker Image (and also other official Docker
Images). Colin is not directly involved within the creation of the
Docker Image, but he acknowledged the inclusion of the spiped Image
within the Docker Official Images program back when I proposed it:


The Docker Image you linked being a Docker Official Image means that the
following security implications apply:

- You must trust Docker Hub to not be compromised / serve you an
unmodified Docker Image.
- You must trust the maintainers of the Docker Official Image program to
upload a Docker Image matching the Dockerfile referenced by the manifest
within the docker-library/official-images repository:

This is true for every Docker Image within the Docker Official Images

You do not need to trust me, because you can verify the the contents of
the Dockerfile using the commits referenced in the manifest.

Best regards
Tim Düsterhus