Verify Docker Download

[amouat]

Rather than just curl the docker binary, it would be slightly more secure to use http://apt.dockerproject.com and grab the signing key. You should be able to find examples of this on-line, otherwise give me a shout. This would also mean you could just download the latest version of docker rather than a pinned version, which may or may not be a good idea.

[amouat]

Hmm, just noticed ContainerSolutions/minimesos#164. Note that you don't need a statically linked binary, you just need a complete version of Docker inside the image whether it's static or dynamically linked.

If you want to stick with the static binaries for whatever reason, it would be nice to grab the signature and check it ala the redis official image.