You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As part of the Independent container updates, we should now verify at runtime that a provided image matches our expectations. Right now, the way of doing this is by comparing the tag against the expected one, stored in share/image-id.txt.
Images will be signed with cosign sign and as such, signatures will be available on the container registry.
We should provide a way to store these signatures locally and check them against a public key. The image should be verified before each docker/podman invocation, to avoid using an unsigned image.
The text was updated successfully, but these errors were encountered:
almet
added
the
icu
Issues related with independent container updates
label
Jan 30, 2025
As part of the Independent container updates, we should now verify at runtime that a provided image matches our expectations. Right now, the way of doing this is by comparing the tag against the expected one, stored in
share/image-id.txt.Images will be signed with
cosign signand as such, signatures will be available on the container registry.We should provide a way to store these signatures locally and check them against a public key. The image should be verified before each
docker/podmaninvocation, to avoid using an unsigned image.The text was updated successfully, but these errors were encountered: