Closed wizpresso-steve-cy-fan closed 7 months ago
I don't believe there's any easy way to change this at this point without breaking a lot of code that validates image names. How would a change like this be rolled out without breaking existing runtimes and client tooling?
Would this also mean that registry.example.org/project:tag
would be a different project from registry.example.org/Project:tag
? If so, that feels like a high risk of typo squatting attacks. If not, then why not automatically convert all project names to lower case when lookup up the repo name?
Would this also mean that
registry.example.org/project:tag
would be a different project fromregistry.example.org/Project:tag
? If so, that feels like a high risk of typo squatting attacks
That's a good point!
This was discussed in this week's OCI meeting and the consensus was that it's too late to make this change without breaking things.
Currently the spec mandates the name to be lower-cased, but there is no reason why. Rather than strictly following the rules, why don't we just relax it a little bit? Our company uses a capitalized name for our repos internally so this is quite annoying given that we cannot automatically link our container image by repo name anymore.