On Tuesday, 29 April 2014, 13.46:44 Paul Tagliamonte wrote:
> On Tue, Apr 29, 2014 at 06:38:34PM +0200, Didier Raboud wrote:
> > please consider shipping Debian docker.io pre-built images in proper
> > Debian packages. Having "stable" pre-built images in Debian
> > packages ensures a trust link within the distribution. I'm not
> > happy with the increasing incentive to download distribution images
> > across untrusted links (although index.docker.io at least runs over
> > HTTPS).
> 
> I totally agree. I've been pushing for docker upstream to adopt
> OpenPGP signatures on images, but it looks like they want to go with
> SSL Certs. Once those are in place, I'm happy to provide a
> pseudo-official image.

Well, sorry to nitpick, but having Debian's docker.io package ship a 
public key to trustfully download non-free distribution images wouldn't 
make it overly better. Debian users have a trust link with the Debian 
binary packages as shipped in the distro, but there's no good reason to 
extend that trust to what docker.io upstream built: we're talking about 
_big_ archives full of _binaries_ (for which there are strictly no 
freeness or trustworthiness warranties!) that then run on our machines!

Similar to what we do for debian-installer-netboot-images, I was 
thinking we could have (at least for Debian docker.io containers) 
something like:

        # apt install docker.io-image-debian-wheezy

This package would contain a docker.io image built on buildds, updated 
on point-releases.

> However, a better and more sustainable solution here is to ship a
> script to create a Debian image via debootstrap. Something small and
> auditable.

On Tuesday, 29 April 2014, 21.59:49 Jan Wagner wrote:
> Did you have a look into
> /usr/share/docker.io/contrib/mkimage-debootstrap.sh? You can generate
> your own image via debootstrap.

There's that, at least. It should get its .sh postfix removed, get 
updated to support more than amd64 and be shipped as 
/usr/bin/docker.io-mkimage-debootstrap for example.

> I'd been considering a script to take an sbuild tarball => docker
> image. I've not done it yet, but this bug is good motivation.

Yay.

> I'll see if there's something I can do to help :)

Yay².


Cheers,
OdyX

