Open DerrickMartinez opened 4 years ago
Thanks for raising it.
The issue is that notary does not have a friendly API to sign and remove the signatures.
Notary team is working on a v2 to address a few existing issues and we are closely following up.
But this limitation may have to exist for a while.
Is there any update on this?
This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.
Looks like Cosign solved this: https://goharbor.io/blog/cosign-2.5.0/ I'm about to look into the best way to switch from Notary to Cosign and what to do with old tags/images that should have been garbage collected
I'd like to file a feature request. Harbor has some really powerful tag retention rules, but they don't work with signed images due to the issues with Notary. Can we work with the Notary team to come up with a way to remove images?