As background, I talked with rochacbruno@redhat.com and rhn-support-ebock about this in Slack: https://redhat-internal.slack.com/archives/CBPKRHHG9/p1750941215636419
We currently sign a combination of container name + tag, but we do not sign the digest. This has the effect of invalidating the signature when a new tag is added to the same container. I've already opened an RFE for GUI changes in https://issues.redhat.com/browse/AAPRFE-2218.
I'd like to request two improvements:
- Can we move to signing the digest of a container image and not the name + tag?
- In the current GUI when I choose to sign an EE container image it signs all name+tag combinations at once. This could be a security problem.
Say that a bad actor manages to upload a container image which has the same name and just a new tag as an existing signed image. Now that image won't be signed until an admin signs it. This is ok since this malicious image wouldn't pass a signature check.
Now an admin comes and uploads a newly tagged image and clicks the sign button. This would sign both his image and that of the bad actor. Now we have a malicious EE in the system that people may trust.
Perhaps we can add the granularity to sign specific name+tag combinations?
At the end of the day, if we implement #1 we could avoid these problems.
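The difference between the two signing scopes described in this request, as an added example that is not part of the original request or of the product's code. The `Repo` class, the repository name `ee-demo`, the tags and the manifests are constructed, and an HMAC with a demo key stands in for the real signing mechanism (assumption).

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # stand-in for the real signing key (assumption)

def digest(manifest: bytes) -> str:
    return "sha256:" + hashlib.sha256(manifest).hexdigest()

def _mac(subject: str) -> str:
    return hmac.new(KEY, subject.encode(), hashlib.sha256).hexdigest()

class Repo:
    """Hypothetical model of one EE repository: tag -> manifest digest."""
    def __init__(self, name):
        self.name, self.tags, self.signatures = name, {}, {}

    def push(self, tag, manifest: bytes):
        self.tags[tag] = digest(manifest)

    def sign_all_tags(self):
        # Behaviour described in the request: one click signs every name+tag.
        for tag in self.tags:
            subject = f"{self.name}:{tag}"
            self.signatures[subject] = _mac(subject)

    def sign_digest(self, reviewed_digest: str):
        # Requested behaviour: sign only the content that was reviewed.
        self.signatures[reviewed_digest] = _mac(reviewed_digest)

    def trusted(self, subject) -> bool:
        # subject is "name:tag" (current scheme) or a digest (requested scheme).
        sig = self.signatures.get(subject)
        return sig is not None and hmac.compare_digest(sig, _mac(subject))

def scenario():
    good, rogue = b"reviewed EE manifest", b"unreviewed EE manifest"
    bulk, pinned = Repo("ee-demo"), Repo("ee-demo")
    for repo in (bulk, pinned):
        repo.push("1.0", good)
        repo.push("1.1", rogue)        # uploaded by someone else, never reviewed
    bulk.sign_all_tags()               # admin clicks "sign"
    pinned.sign_digest(digest(good))   # admin signs the reviewed content only
    for repo in (bulk, pinned):
        repo.push("latest", good)      # new tag added to already-signed content
    return {
        "bulk_rogue": bulk.trusted("ee-demo:1.1"),
        "bulk_new_tag": bulk.trusted("ee-demo:latest"),
        "pinned_rogue": pinned.trusted(pinned.tags["1.1"]),
        "pinned_new_tag": pinned.trusted(pinned.tags["latest"]),
    }
```
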