[GitHub] zhaijack commented on issue #420: Issue 419: dockerfile - auto verify asc file GPG_KEY

Wed, 09 Aug 2017 08:01:39 -0700 

zhaijack commented on issue #420: Issue 419: dockerfile - auto verify asc file 
GPG_KEY
URL: https://github.com/apache/bookkeeper/pull/420#issuecomment-321267276
 
 
   @caiok The key server was not connect-able for about 6 hours.
   ```
   gpg: directory `/root/.gnupg' created gpg: new configuration file 
`/root/.gnupg/gpg.conf' created gpg: WARNING: options in 
`/root/.gnupg/gpg.conf' are not yet active during this run gpg: keyring 
`/root/.gnupg/secring.gpg' created gpg: keyring `/root/.gnupg/pubring.gpg' 
created gpg: requesting key B3D56514 from hkp server ha.pool.sks-keyservers.net 
 gpg: no valid OpenPGP data found. gpg: Total number processed: 0  
?: ha.pool.sks-keyservers.net: Network is unreachable gpgkeys: HTTP fetch error 
7: couldn't connect: Network is unreachable Removing intermediate container 
8054a51a48f3 
   ```
   
   We seems meet a selection between 2 things:
   1,  In every release, you do a manually work to add a Key into this docker 
file;
   2, Compromise that the apache website will be hacked, and bk binary is 
replaced by a malicious one.
   And this change choose the 2nd.
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to