Skip to content
This repository has been archived by the owner on Feb 16, 2018. It is now read-only.

Dockerfile should do checksum verification on CLI files #10

Closed
MichaelSimons opened this issue Apr 18, 2016 · 3 comments
Closed

Dockerfile should do checksum verification on CLI files #10

MichaelSimons opened this issue Apr 18, 2016 · 3 comments
Labels
bug
Milestone
RTM

Comments

@MichaelSimons
Copy link
Member

Dockerfile should do a checksum verification on the CLI files downloaded.
@MichaelSimons MichaelSimons added this to the RTM milestone Apr 18, 2016
@MichaelSimons MichaelSimons mentioned this issue Apr 18, 2016
Merged
@MichaelSimons
Copy link
Member Author

@friism, In #9 you made the suggestion

It'd be nice if you published and checked checksums for the .tar.gz

Upon thinking about this further, I feel like I am missing the purpose of this. The file is being downloaded via https, what is the value in using a checksum in this scenario?

@friism
Copy link

friism commented Apr 29, 2016

@MichaelSimons I agree that it's probably not that important, but it is a convention on the UNIX side (check out some of the Linux Dockerfiles).

The check makes sure that the download is not corrupted. But notably, the government can still MITM you because they can serve both the download artifact and an md5 hash that matches.

@MichaelSimons MichaelSimons mentioned this issue May 26, 2016
Closed
@MichaelSimons
Copy link
Member Author

This is being tracked with dotnet/dotnet-docker#43. Closing

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
RTM
Development

No branches or pull requests
2 participants
@friism @MichaelSimons