caiok commented on issue #420: Issue 419: dockerfile - auto verify asc file 
   @zhaijack Please note that the risk is not only that apache website will be 
compromised, but rather a man in the middle attack.  If we should choose option 
2 we should remove all verification code from dockerfile, because it give a 
misleading security feeling. 
   I strongly prefer to follow industry standards and verify packages, though. 
Take a look at the [official images guidelines about 
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

With regards,
Apache Git Services

Reply via email to