From 76de7cca62f0471d35dcb5899b3ca937b4999457 Mon Sep 17 00:00:00 2001 From: akwizgran <michael@briarproject.org> Date: Fri, 3 Feb 2023 17:46:24 +0000 Subject: [PATCH] Remove references to IGNORE_EXPIRY. --- Dockerfile | 1 - README.md | 11 ++++------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8333343..2b937f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,5 @@ FROM debian:bullseye -ARG IGNORE_EXPIRY=0 ENV LANG=C.UTF-8 ENV DEBIAN_FRONTEND=noninteractive diff --git a/README.md b/README.md index f9a2a6f..e84476b 100644 --- a/README.md +++ b/README.md @@ -55,13 +55,10 @@ Build our Docker image: docker build -t briar/go-reproducer go-reproducer -Building the image might fail due to expired Debian packages. -You can disable the expiry check by adding a build argument: - - docker build --build-arg IGNORE_EXPIRY=1 -t briar/go-reproducer go-reproducer - -However, note that this might expose the build process to MITM attacks -which inject outdated vulnerable packages. +To ensure reproducibility we build the image from a fixed snapshot of Debian +and ignore expiry warnings for Debian packages. This means the build process +inside the Docker container may use outdated packages that could contain +known vulnerabilities. ### Run the verification -- GitLab