Closed iamsamirzon closed 2 years ago
PR for 1st pass: https://github.com/notaryproject/notaryproject/pull/119
Pending adding support for explicit ignore list instead of implicit.
This was addressed as part of https://github.com/notaryproject/notaryproject/pull/119
Summary
The standard should allow scoping the signature verification to a narrower namespace of registry/repo.

Intended Outcome
The specification PR is merged.

Additional context
Should support the mixed images use case (signed and unsigned images) and namespaces like Registry/Repository, or just Registry only. This reduces blast radius. Allows workloads to be configured to pull from different registries and only expect specific keys/certificates from specific registries.
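
The scoping requested above, shown as an added example that is not Notary Project code or its specification format: each image reference resolves to the most specific registry or registry/repository scope, unsigned images pass only through an explicit ignore entry, and keys are trusted only for their own namespace. The names `Scope`, `Resolve`, `repoOf`, the sample policy and all hostnames are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Scope is a hypothetical policy entry, not the Notary Project schema.
type Scope struct {
	Namespace string   // "registry" or "registry/repository"
	Skip      bool     // explicit ignore entry for unsigned images
	Keys      []string // keys/certificates trusted for this namespace only
}

// Constructed sample policy.
var samplePolicy = []Scope{
	{Namespace: "registry.example.com", Keys: []string{"corp-ca"}},
	{Namespace: "registry.example.com/sandbox", Skip: true},
	{Namespace: "partner.example.net/vendor/app", Keys: []string{"vendor-key"}},
}

// repoOf strips the digest or tag from an image reference.
func repoOf(ref string) string {
	ref, _, _ = strings.Cut(ref, "@")
	// A colon after the last slash is a tag; an earlier one is a registry port.
	if i := strings.LastIndex(ref, ":"); i > strings.LastIndex(ref, "/") {
		ref = ref[:i]
	}
	return ref
}

// Resolve returns the most specific scope covering ref (path-boundary match); no match is an error.
func Resolve(scopes []Scope, ref string) (Scope, error) {
	repo, best := repoOf(ref), -1
	for i, s := range scopes {
		covers := repo == s.Namespace || strings.HasPrefix(repo, s.Namespace+"/")
		if covers && (best < 0 || len(s.Namespace) > len(scopes[best].Namespace)) {
			best = i
		}
	}
	if best < 0 {
		return Scope{}, fmt.Errorf("no scope covers %q: not implicitly ignored", ref)
	}
	return scopes[best], nil
}

func main() {
	fmt.Println(Resolve(samplePolicy, "registry.example.com/sandbox/tmp:dev"))
}
```

Matching on a `/` boundary rather than a raw string prefix keeps a lookalike host such as `registry.example.com.invalid` from inheriting the keys of `registry.example.com`.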