Docker images/tags should be signed. #8878
Labels
area: docker
area: pkging
area: security
needs-update
priority: unplanned
Work that we believe should be done, but does not have a higher priority.
If you're having trouble using Certbot and aren't sure you've found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to more quickly answer your
questions.
My operating system is (include version):
Ubuntu 20.04 (Server)
I installed Certbot with (snap, OS package manager, pip, certbot-auto, etc):
Docker
I ran this command and it produced this output:
docker trust inspect --pretty certbot/certbot
Certbot's behavior differed from what I expected because:
Given the security-focussed nature of what certbot does and the space in which it operates the docker images should be signed to help defend against supply-chain attacks or copy-cat images trying to MITM the official Certbot images.
https://docs.docker.com/engine/security/trust/
The text was updated successfully, but these errors were encountered: