Fantastic, thank you for the update Rod! Jon
On Thu, Jul 15, 2021 at 3:28 AM Jenkins, Rodney J (Rod) < [email protected]> wrote: > All, > > All of the Docker images have been rebuild. While I have issues using the > key servers, it does not appear that the automated build process does not. > I will look in to this a bit further. > > Rod. > > > From: Jenkins, Rodney J (Rod) <[email protected]> > Date: Wednesday, July 14, 2021 at 12:09 PM > To: [email protected] <[email protected]> > Subject: [EXTERNAL] Re: Docker image change requests > Nationwide Information Security Warning: This is an EXTERNAL email. Use > CAUTION before clicking on links, opening attachments, or responding. > (Sender: [email protected]) > > > ------------------------------------------------------------------------------ > > > Jon, > > I will get started on that. I will move to SHA512 and should be able to > release 9.0. > > Thanks, > Rod. > > From: Jonathan Gallimore <[email protected]> > Date: Wednesday, July 14, 2021 at 11:49 AM > To: [email protected] <[email protected]> > Subject: [EXTERNAL] Re: Docker image change requests > Nationwide Information Security Warning: This is an EXTERNAL email. Use > CAUTION before clicking on links, opening attachments, or responding. > (Sender: [email protected]) > > > ------------------------------------------------------------------------------ > > > I'm fine with the sha512 change - go for it. > > > Jon > > On Wed, 14 Jul 2021, 15:39 Jenkins, Rodney J (Rod), < > [email protected]> > wrote: > > > Jon, > > > > Here is a link with more info on the key server issues: > > https://github.com/tomitribe/docker-tomee/pull/47#issuecomment-872093674 > > > > I was able to reproduce these. I have not been able to reliably built an > > image in the last couple weeks. > > > > There is another issue blocking TomEE 9.0. It looks like there is a > > missing key fingerprint from David’s new keys he uploaded. See the email > > on this list on 5/29. > > > > In my opinion, it is simpler to use the SHA and seems to be more > reliable. > > > > I have a PR request out there to remove the windows files. David did > give > > me access to approve that, but I am assuming that we would prefer someone > > else to approve it. > > > > I will start on a list of new tags to add to the images. > > > > Thanks, > > Rod. > > > > > > From: Jonathan Gallimore <[email protected]> > > Date: Wednesday, July 14, 2021 at 5:07 AM > > To: [email protected] <[email protected]> > > Subject: [EXTERNAL] Re: Docker image change requests > > Nationwide Information Security Warning: This is an EXTERNAL email. Use > > CAUTION before clicking on links, opening attachments, or responding. > > (Sender: [email protected]) > > > > > > > ------------------------------------------------------------------------------ > > > > > > Hi Rod, > > > > Can you elaborate on what the keyserver issue is? That sounds like the > > immediate blocker. > > > > We publish SHA512 checksums so I'm fine with using them, although a GPG > > check is also nice. > > > > I'm a +1 on the additional tags, and removing the .exes from the bin > > directory. > > > > Jon > > > > On Fri, Jul 9, 2021 at 7:35 PM Jenkins, Rodney J (Rod) < > > [email protected]> wrote: > > > > > All, > > > > > > There are two requests and one issue at > > > https://github.com/tomitribe/docker-tomee/issues > > > > > > The issue needs to be resolved sooner rather than later. The base > Debian > > > image as a vulnerability in it, we need to rebuild it. I will get that > > > going. However, I am concerned with the key server issues. I would > > like a > > > discussion on moving to the sha512 checksums. > > > > > > Adding additional tags was requested back in 2017. I like this idea. > > For > > > example we would point the “plus” tag at the latest 8 version on the > > newest > > > jre. Additional tagging is something we should be doing. > > > > > > Cleanup of the bin directory is an easy fix. This would make our > images > > a > > > bit smaller, which users like. > > > > > > I am happy to make these changes, or have a discussion. > > > > > > Please advise, > > > Rod. > > > > > > > > >
