Actions
Story #7419
closed
As a user I can integrate with DOC,SEC: Docker Notary client / TUF support
Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:
Description
Hey, are there and are there docs for Docker Notary / TUF features?
From https://twitter.com/westurner/status/1299542433106202625 ::
#DockerNotary (#TUF) is justified and necessary because container images sidestep normal OS package integrity verifications (with e.g. GPG) and nobody runs debsums or rpm --verify on images they're trusting with all of their ops. "Trusted Install Media"
https://docs.docker.com/notary/getting_started/
https://github.com/theupdateframework/specification/blob/master/tuf-spec.md
https://en.wikipedia.org/wiki/The_Update_Framework_(TUF)
(FWIU, #6871 is also an opportunity for better security. )
Updated by ipanova@redhat.com about 2 years ago
- Tracker changed from Issue to Story
- Subject changed from DOC,SEC: Docker Notary / TUF support to As a user I can integrate with DOC,SEC: Docker Notary client / TUF support
- % Done set to 0
- Severity deleted (
2. Medium) - Triaged deleted (
No)
Updated by ipanova@redhat.com 10 months ago
- Status changed from NEW to CLOSED - WONTFIX
we are adding container signing and verification but it wont be compatible with docker notary.
Actions
.