Vijay, Am 09.04.20 um 21:38 schrieb Vijay Kumar via spiped: > Is the https://hub.docker.com/_/spiped a legitimate Docker image of this > spiped project?I didn't see any mention of this Docker image on the > https://www.tarsnap.com/index.html website. >
I am the maintainer of that Docker Image (and also other official Docker Images). Colin is not directly involved within the creation of the Docker Image, but he acknowledged the inclusion of the spiped Image within the Docker Official Images program back when I proposed it: https://github.com/docker-library/official-images/pull/1714#issuecomment-219556607 The Docker Image you linked being a Docker Official Image means that the following security implications apply: - You must trust Docker Hub to not be compromised / serve you an unmodified Docker Image. - You must trust the maintainers of the Docker Official Image program to upload a Docker Image matching the Dockerfile referenced by the manifest within the docker-library/official-images repository: https://github.com/docker-library/official-images/blob/master/library/spiped This is true for every Docker Image within the Docker Official Images program. You do not need to trust me, because you can verify the the contents of the Dockerfile using the commits referenced in the manifest. Best regards Tim Düsterhus