Pulling a blob doesn't specify 307 as a valid response status code

[sajayantony]

The specification currently expects a registry to return 200 status code on GET on pulling a blob which may not be the case with many implementations. A 307 is a valid response and it seems like this might have been missed in the spec.

A GET request to an existing blob URL MUST provide the expected blob, with a response code that MUST be `200 OK`.
A successful response SHOULD contain the digest of the uploaded blob in the header `Docker-Content-Digest`.
If present, the value of this header MUST be a digest matching that of the response body.

[northtyphoon]

Should the spec also allow 206 partial content success status?

[mikebrow]

@sajayantony the wording here is covering the success case for an "existing blob." As for redirect failure.. I don't think we've added redirects to the distribution spec yet.. but I see you have a PR for that. https://github.com/opencontainers/distribution-spec/pull/398 :-)

@northtyphoon partial content is not supported because the digest is calculated against the entire blob..

[sajayantony]

Would like to get feedback if we should just add this to pull manifest and blobs - as per @sudo-bmitch

https://github.com/opencontainers/distribution-spec/pull/398#issuecomment-1492513829

http redirect status codes should be supported by clients according to https://www.rfc-editor.org/rfc/rfc7231#section-6.4

[sudo-bmitch]

Would like to get feedback if we should just add this to pull manifest and blobs - as per @sudo-bmitch

https://github.com/opencontainers/distribution-spec/pull/398#issuecomment-1492513829

http redirect status codes should be supported by clients according to https://www.rfc-editor.org/rfc/rfc7231#section-6.4

I'd lean towards adding a section to API indicating that clients and servers should follow the HTTP RFCs unless directed otherwise in the distribution spec.