Dockerfile update needed

[hwbllmnn]

In the latest release there are a couple of workarounds related to certificates. For example, the (valid!) certificate for geoportal.bayern.de is downloaded and then added to the Java trust store. I assume that's because otherwise SSL verification will fail when running tests, because the Java and/or Debian version are very old.

Adding valid certificates to the truststore to avoid certificate validation errors defeats the whole purpose of certificate chains and trusted root certificates. The server above uses a Let's encrypt certificate and is probably not the only one doing so. Currently the Dockerfile contains this workaround for a couple of domains, surely maintaining such a list cannot be the solution (currently building the image even fails due to the unavailability of one of these servers).

According to https://wiki.debian.org/LTS support for Debian 8 ended in 2020. IMHO the Dockerfile should switch to a recent Debian version like 11 (bullseye), even Debian 9 support will end in a few months. An update to Java 11 or 17 would probably also makes sense.

Are there any plans when this will be fixed?

[jenriquesoriano]

Dear @hwbllmnn ,

thank you for sharing this concern.
It is a relevant discussion and you are right, as there are dependencies that can potentially create incompatibilities in an eventual java version upgrade.
In parallel, a new version of the ETF is in process and the whole infrastructure will have to be revisited in general.
Thus, we will analyse in detail the proposal made and will come back later with further contributions in this regard.

We mark this issue as a discussion to keep this thread open for contributions from the community.

Thank you very much.

Best regards,