Jon,

I will get started on that. I will move to SHA512 and should be able to release 9.0.

Thanks,
Rod.

From: Jonathan Gallimore <[email protected]>
Date: Wednesday, July 14, 2021 at 11:49 AM
To: [email protected] <[email protected]>
Subject: [EXTERNAL] Re: Docker image change requests

Nationwide Information Security Warning: This is an EXTERNAL email. Use CAUTION before clicking on links, opening attachments, or responding. (Sender: [email protected])
------------------------------------------------------------------------------

I'm fine with the sha512 change - go for it.

Jon

On Wed, 14 Jul 2021, 15:39 Jenkins, Rodney J (Rod), <[email protected]> wrote:

> Jon,
>
> Here is a link with more info on the key server issues:
> https://github.com/tomitribe/docker-tomee/pull/47#issuecomment-872093674
>
> I was able to reproduce these. I have not been able to reliably build an
> image in the last couple weeks.
>
> There is another issue blocking TomEE 9.0. It looks like there is a
> missing key fingerprint from David's new keys he uploaded. See the email
> on this list on 5/29.
>
> In my opinion, it is simpler to use the SHA and seems to be more reliable.
>
> I have a PR request out there to remove the windows files. David did give
> me access to approve that, but I am assuming that we would prefer someone
> else to approve it.
>
> I will start on a list of new tags to add to the images.
>
> Thanks,
> Rod.
>
>
> From: Jonathan Gallimore <[email protected]>
> Date: Wednesday, July 14, 2021 at 5:07 AM
> To: [email protected] <[email protected]>
> Subject: [EXTERNAL] Re: Docker image change requests
>
> Nationwide Information Security Warning: This is an EXTERNAL email. Use
> CAUTION before clicking on links, opening attachments, or responding.
> (Sender: [email protected])
> ------------------------------------------------------------------------------
>
> Hi Rod,
>
> Can you elaborate on what the keyserver issue is? That sounds like the
> immediate blocker.
>
> We publish SHA512 checksums so I'm fine with using them, although a GPG
> check is also nice.
>
> I'm a +1 on the additional tags, and removing the .exes from the bin
> directory.
>
> Jon
>
> On Fri, Jul 9, 2021 at 7:35 PM Jenkins, Rodney J (Rod) <
> [email protected]> wrote:
>
> > All,
> >
> > There are two requests and one issue at
> > https://github.com/tomitribe/docker-tomee/issues
> >
> > The issue needs to be resolved sooner rather than later. The base Debian
> > image has a vulnerability in it, we need to rebuild it. I will get that
> > going. However, I am concerned with the key server issues. I would like a
> > discussion on moving to the sha512 checksums.
> >
> > Adding additional tags was requested back in 2017. I like this idea. For
> > example we would point the "plus" tag at the latest 8 version on the newest
> > jre. Additional tagging is something we should be doing.
> >
> > Cleanup of the bin directory is an easy fix. This would make our images a
> > bit smaller, which users like.
> >
> > I am happy to make these changes, or have a discussion.
> >
> > Please advise,
> > Rod.
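
The SHA512 check discussed in this thread, sketched as an added example that is not part of the original messages or the docker-tomee repository: a build step that compares a downloaded archive against a digest pinned in the build, so no key server is contacted. The function names, file names and sample data are hypothetical, and GNU coreutils `sha512sum` (as in a Debian-based image) is assumed.

```shell
#!/bin/sh
# Added example: names, paths and sample data below are hypothetical/constructed.
# Assumes GNU coreutils sha512sum, as found in a Debian-based image.

# Reduce a published .sha512 file to a bare lowercase hex digest.
# Accepts "digest", "digest  filename" and "digest *filename" layouts.
normalize_sha512() {
    awk 'NF { print tolower($1); exit }' "$1"
}

# verify_sha512 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch or unreadable file, 2 on a malformed digest.
verify_sha512() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || return 2   # SHA-512 is 128 hex characters
    actual=$(sha512sum "$file" 2>/dev/null | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed demo: a stand-in archive and a checksum file in "digest *filename" layout.
tmp=$(mktemp -d)
printf 'constructed sample archive\n' > "$tmp/sample.tar.gz"
( cd "$tmp" && sha512sum -b sample.tar.gz > sample.tar.gz.sha512 )

# In a real build the pinned value is a literal committed with the Dockerfile,
# not something fetched at build time from the same server as the archive.
pinned=$(normalize_sha512 "$tmp/sample.tar.gz.sha512")

if verify_sha512 "$tmp/sample.tar.gz" "$pinned"; then
    echo "digest OK"
fi

# Any change to the archive after pinning must fail the build step.
printf 'tampered\n' >> "$tmp/sample.tar.gz"
verify_sha512 "$tmp/sample.tar.gz" "$pinned" || echo "digest mismatch, abort build"

rm -rf "$tmp"
```

A digest downloaded alongside the archive only detects corruption in transit; committing the expected value with the build files is what lets a changed archive be noticed.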
