Open cgwalters opened 1 year ago
Thanks, that's useful to know. From a D-Bus API point of view we return an a{sv}
so it's easy enough to add. From a requesting-using-a-uri point of view it's harder, although maybe we can redirect with ?
parameters. I'll ponder, thanks.
For a client to verify a fetch, it must read a potentially unbounded amount of data in order to verify it matches the sha256 digest. If the trusted metadata is the 2-tuple
(size, sha256)
then a client can error out if the remote gives it more thansize
bytes. For OCI/Docker containers, the metadata today includes both. In ostree, it doesn't, and I regret it.