Open plooploops opened 1 year ago
@plooploops This annotation is required per Notary signature spec. It is not enforced in the implementation yet.
@gokarnm, @priteshbandi and @shizhMSFT do you have any comments?
Similar to this issue https://github.com/notaryproject/notation/issues/475, there is a need for users to push/attach a Notary-compliant signature to container images.
It is required for the future. Basically, it will be used for signature filtering.
Per the storage section of the signature specification, the annotation io.cncf.notary.x509chain.thumbprint#S256 is "A REQUIRED annotation whose value contains the list of SHA-256 fingerprint of signing certificate and certificate chain (including root) used for signature generation."
I wanted to understand if the annotation io.cncf.notary.x509chain.thumbprint#S256 is still required, as I have been able to attach an artifact without this annotation and then later verify using notation v1.0.0-rc.2.
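
Since the thread says the annotation is required by the spec but not yet enforced by the implementation, a caller can check it before trusting a signature manifest. The sketch below is an added example, not notation's own code. It assumes the annotation value is a JSON array of hex-encoded SHA-256 digests of the DER certificates; `Thumbprints` and `CheckThumbprints` are hypothetical helper names.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
	"strings"
)

const ThumbprintKey = "io.cncf.notary.x509chain.thumbprint#S256" // key quoted in this thread

// Thumbprints returns the sorted lowercase hex SHA-256 digest of each DER certificate.
func Thumbprints(chainDER [][]byte) []string {
	prints := make([]string, 0, len(chainDER))
	for _, der := range chainDER {
		sum := sha256.Sum256(der)
		prints = append(prints, hex.EncodeToString(sum[:]))
	}
	sort.Strings(prints)
	return prints
}

// CheckThumbprints fails if the annotation is absent, malformed, or does not list
// exactly the chain's thumbprints. Assumption: the value is a JSON array of hex strings.
func CheckThumbprints(annotations map[string]string, chainDER [][]byte) error {
	raw, ok := annotations[ThumbprintKey]
	if !ok {
		return errors.New("missing annotation " + ThumbprintKey)
	}
	var listed []string
	// Lowercase first so upper- and lowercase hex compare equal.
	if err := json.Unmarshal([]byte(strings.ToLower(raw)), &listed); err != nil {
		return fmt.Errorf("annotation is not a JSON string array: %w", err)
	}
	sort.Strings(listed)
	if strings.Join(listed, ",") != strings.Join(Thumbprints(chainDER), ",") {
		return errors.New("annotation does not match the certificate chain")
	}
	return nil
}

func main() {
	chain := [][]byte{[]byte("constructed-leaf"), []byte("constructed-root")} // constructed stand-ins, not real DER
	value, _ := json.Marshal(Thumbprints(chain))
	fmt.Println(CheckThumbprints(map[string]string{ThumbprintKey: string(value)}, chain))
	fmt.Println(CheckThumbprints(map[string]string{}, chain))
}
```

With real input, `chainDER` would hold the `Raw` bytes of each parsed `x509.Certificate` in the signing chain, and `annotations` would come from the signature manifest.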