Story #9512
Updated by pulpbot over 2 years ago
**Ticket moved to GitHub**: "pulp/pulp_container/503":https://github.com/pulp/pulp_container/issues/503 ---- ~~Container signature has a specific path structure `base/namespaces/name@digest-algo=digest-value/signature-index`~~ ~~**Example of the URL the client calls during signature verification process** GET https://registry.redhat.io/containers/sigstore/ubi8/ubi-micro@sha256=43520d9634eaaa007a697be79eb604fcbfd348afe5e620c1407629bf20ced542/signature-1~~ ~~Within the URL, `index` is a decimal integer (in the canonical form), starting with 1. Signatures are stored at URLs with successive index values; to read all of them, clients start with index=1, and continue reading signatures and increasing index as long as signatures with these index values exist.~~ ~~Similarly, to add one more signatures to an image, one would need find the first index which does not exist, and then store the new signature using that index value.~~ ~~For these reasons, it is not advised to provide a DELETE API, and the only way a signature would be removed from the sigstore would be with the image removal itself.~~ This is no longer true since we're adding signature api extentions. We'd still not allow signature removal api. The only way a signature would be removed from the registry would be with the image removal itself. **More info on the signature protocols** https://github.com/containers/image/blob/main/docs/signature-protocols.md