Currently ocifilter.Immutable is flawed because there's a potential window where a client could see a tag changing underfoot.
We could fix that by passing in an interface that allows access to some kind of distributed lock. When pushing a tag, we would obtain access to the lock before pushing the tag, thus closing the window. Clearly it would be only an advisory lock because other clients with write access could ignore it, but it still might be enough in scenarios where access is strictly via a known proxy.
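The window and the proposed lock, as an added Go sketch that is not code from the issue or from the ocifilter package. `Locker`, `memLocker`, `pushImmutable` and `race` are hypothetical names, a `sync.Map` stands in for a backing registry that permits tag overwrites, and the sleep stands in for the gap between the existence check and the tag push.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// Locker is a hypothetical advisory-lock interface, not part of ocifilter.
type Locker interface{ Lock(key string) (unlock func()) }

// memLocker is an in-process stand-in for a distributed lock service.
type memLocker struct{ mu sync.Mutex }
func (l *memLocker) Lock(string) func() { l.mu.Lock(); return l.mu.Unlock }

var errImmutable = errors.New("tag exists with a different digest")

// pushImmutable does check-then-push on tags (tag -> digest), a store that allows overwrites.
func pushImmutable(tags *sync.Map, l Locker, tag, digest string) error {
	if l != nil {
		defer l.Lock(tag)() // advisory lock held across both the check and the push
	}
	if cur, ok := tags.Load(tag); ok && cur != digest {
		return errImmutable
	}
	time.Sleep(100 * time.Millisecond) // widens the check/push window for the demo
	tags.Store(tag, digest)
	return nil
}

// race pushes two digests to one tag concurrently and returns how many pushes
// were accepted; more than one means a reader could have seen the tag change.
func race(l Locker) (accepted int) {
	var tags sync.Map
	res := make(chan error, 2)
	for _, d := range []string{"sha256:aaaa", "sha256:bbbb"} { // constructed digests
		go func(d string) { res <- pushImmutable(&tags, l, "v1.0.0", d) }(d)
	}
	for i := 0; i < 2; i++ {
		if <-res == nil {
			accepted++
		}
	}
	return accepted
}

func main() {
	fmt.Println("accepted without lock:", race(nil), "with lock:", race(&memLocker{}))
}
```

The lock only serializes writers that go through the same wrapper and lock service; a client that writes to the backing registry directly bypasses it.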