-
Epic
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
Signature Mirroring
-
False
-
-
False
-
Not Selected
-
To Do
-
OCPSTRAT-1869 - [Phase 1: Cosign tag-based discovery] oc-mirror v2: Discover and mirror SigStore-style attachments
-
OCPSTRAT-1869[Phase 1: Cosign tag-based discovery] oc-mirror v2: Discover and mirror SigStore-style attachments
-
100% To Do, 0% In Progress, 0% Done
-
---
-
---
Open Questions:
- Verifying Third-Party Image Signatures: Support verifying the authenticity and integrity of the non-Red Hat (third-party) image signatures using the public keys.
Question 1: How complex would it be to allow users to specify the location of their public keys in the configuration file or pass them as arguments?
Question 2: Is it oc-mirror going to copy the certificate/public key as a resource to the cluster resources folder and ask the customer to apply them?
Question 3: How about certificates?
- Catalog images signatures: scenario when we rebuild the catalog
Question 1: The signature of the catalog rebuilt is not like the original one since we changed the image completely, how is it going to work? Is the cluster going to fail because the signature is not the one expected?
- Support the future OCI 1.1 referrer-based approach:
Question 1: Is the container image prioritizing this implementation on their side? Do we already have the Jira issue about this implementation?
- is depended on by
-
-
- New
-