From 76de7cca62f0471d35dcb5899b3ca937b4999457 Mon Sep 17 00:00:00 2001
From: akwizgran <michael@briarproject.org>
Date: Fri, 3 Feb 2023 17:46:24 +0000
Subject: [PATCH] Remove references to IGNORE_EXPIRY.

---
 Dockerfile |  1 -
 README.md  | 11 ++++-------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 8333343..2b937f9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,5 @@
 FROM debian:bullseye
 
-ARG IGNORE_EXPIRY=0
 ENV LANG=C.UTF-8
 ENV DEBIAN_FRONTEND=noninteractive
 
diff --git a/README.md b/README.md
index f9a2a6f..e84476b 100644
--- a/README.md
+++ b/README.md
@@ -55,13 +55,10 @@ Build our Docker image:
 
     docker build -t briar/go-reproducer go-reproducer
 
-Building the image might fail due to expired Debian packages.
-You can disable the expiry check by adding a build argument:
-
-    docker build --build-arg IGNORE_EXPIRY=1 -t briar/go-reproducer go-reproducer
-
-However, note that this might expose the build process to MITM attacks
-which inject outdated vulnerable packages.
+To ensure reproducibility we build the image from a fixed snapshot of Debian
+and ignore expiry warnings for Debian packages. This means the build process
+inside the Docker container may use outdated packages that could contain
+known vulnerabilities.
 
 ### Run the verification
 
-- 
GitLab