yizha1
commented
1 year ago @akashsinghal Notation switched the default signature manifest from OCI artifact manifest to OCI image manifest since Notation RC3 release, so, for users using Notation RC1&RC2, signatures were stored using OCI artifact manifest. The recommendation is that Ratify continuously supports verifying signatures using OCI artifact manifest, which is also the current behavior of Notation. This can minimize the impact on existing users.
akashsinghal
What would you like to be added?
OCI Artifact has been removed from OCI Image spec 1.1.0 rc.2 and onwards. Ratify should no longer support this.
We have set the groundwork for this in #923 & #928
This change will require bumping image spec to 1.1.0-rc4 and removing logic in plugin downloads and ORAS store for accepting manifests of mediatype OCI Artifact
Anything else you would like to add?
No response
Are you willing to submit PRs to contribute to this feature?