mtrmac
commented
8 years ago The core refresh code is being addressed in #267.
Open mtrmac opened 8 years ago
mtrmac
commented
8 years ago The core refresh code is being addressed in #267.
The certificate created on repository initialization (or first (docker push)) has a hard-coded 10-year expiration and refresh is not implemented; this limits the lifetime of any signed repository to 10 years. We can’t deploy long-term systems with such a time bomb. (The 10 years give us some time to do this later, but we need at least a proof of concept to make sure we are not painting ourselves into a corner; and upgrading an already deployed system may be quite costly, so it would be much better to completely address this before 1.0.)
In addition to the minimal implementation of a certificate refresh, we also need deployment guidance for image publishers (e.g. should everyone set up a cron job? How does this work with HSMs/YubiKeys?).