Project

Profile

Help

Story #7419

As a user I can integrate with DOC,SEC: Docker Notary client / TUF support

Added by westurner about 2 months ago. Updated about 2 months ago.

Status:
NEW
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Hey, are there and are there docs for Docker Notary / TUF features?

From https://twitter.com/westurner/status/1299542433106202625 ::

#DockerNotary (#TUF) is justified and necessary because container images sidestep normal OS package integrity verifications (with e.g. GPG) and nobody runs debsums or rpm --verify on images they're trusting with all of their ops. "Trusted Install Media"

https://docs.docker.com/notary/getting_started/

https://github.com/theupdateframework/specification/blob/master/tuf-spec.md

https://en.wikipedia.org/wiki/The_Update_Framework_(TUF)

(FWIU, #6871 is also an opportunity for better security. )

History

#1 Updated by ipanova@redhat.com about 2 months ago

  • Tracker changed from Issue to Story
  • Subject changed from DOC,SEC: Docker Notary / TUF support to As a user I can integrate with DOC,SEC: Docker Notary client / TUF support
  • % Done set to 0
  • Severity deleted (2. Medium)
  • Triaged deleted (No)

#2 Updated by ipanova@redhat.com about 2 months ago

  • Tags deleted (Documentation)

Please register to edit this issue

Also available in: Atom PDF