Open radu-matei opened 4 years ago
I would hazard a guess that 99% of the time, someone who did this either a) assumed that it would use latest
as the tag because they aren't familiar with the tool and hope it works like docker or b) made a mistake and didn't want it to push an untagged bundle.
If we do need to keep this behavior around, I suggest it is put behind a flag for people who explicitly want it.
The current behaviour of
cnab-to-oci
is to allow pushing to a repository without a tag:If a bundle is pushed without a tag, pulling it has to be performed using the full SHA256 digest, which is unknown to a potential consumer of the bundle. Should we enforce pushing with a specific tag? (Or at least by default?)
Note that this is also significant in the context of signing.