Project

Profile

Help

Story #7419

closed

As a user I can integrate with DOC,SEC: Docker Notary client / TUF support

Added by westurner over 3 years ago. Updated over 2 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Hey, are there and are there docs for Docker Notary / TUF features?

From https://twitter.com/westurner/status/1299542433106202625 ::

#DockerNotary (#TUF) is justified and necessary because container images sidestep normal OS package integrity verifications (with e.g. GPG) and nobody runs debsums or rpm --verify on images they're trusting with all of their ops. "Trusted Install Media"

https://docs.docker.com/notary/getting_started/

https://github.com/theupdateframework/specification/blob/master/tuf-spec.md

https://en.wikipedia.org/wiki/The_Update_Framework_(TUF)

(FWIU, #6871 is also an opportunity for better security. )

Actions #1

Updated by ipanova@redhat.com over 3 years ago

  • Tracker changed from Issue to Story
  • Subject changed from DOC,SEC: Docker Notary / TUF support to As a user I can integrate with DOC,SEC: Docker Notary client / TUF support
  • % Done set to 0
  • Severity deleted (2. Medium)
  • Triaged deleted (No)
Actions #2

Updated by ipanova@redhat.com over 3 years ago

  • Tags deleted (Documentation)
Actions #3

Updated by ipanova@redhat.com over 2 years ago

  • Status changed from NEW to CLOSED - WONTFIX

we are adding container signing and verification but it wont be compatible with docker notary.

Also available in: Atom PDF