sudo-bmitch
commented
7 months ago cc @jonjohnsonjr and @sajayantony
Closed sudo-bmitch closed 5 months ago
sudo-bmitch
commented
7 months ago cc @jonjohnsonjr and @sajayantony
sudo-bmitch
commented
6 months ago @mikebrow was your feedback addressed, or is there anything else I'm missing?
In the discussions of whether to require registries to accept a manifest with a subject pointing to missing digest, there was a use case mentioned of pushing metadata to a separate repo from the images. In cases where the registry does support pushing these manifests, the empty response to the referrers API breaks that use case. It also doesn't provide any value for those that want to validate the subject descriptor. So I propose removing that exception from the spec.
The changes to the conformance tests can be gated behind configuration variables if registries have the option to validate the subject field in a future version of the spec.