Details
-
Bug
-
Resolution: Done
-
Blocker
-
2.0.1.GA
-
None
Description
In order to avoid supply chain attacks against the operator, and allow repository mirroring, references from the packagemanifest in OCP OLM should be by digest, not by tag.
See:
http://post-office.corp.redhat.com/archives/openshift-sme/2019-October/msg01569.html
Attachments
Issue Links
- causes
-
CRW-733 Rebuild registries and operator metadata images for all new quay.io builds
- Closed
-
CRW-668 Provide orchestration job to trigger all CRW images
- Closed
- is blocked by
-
CRW-214 Create jenkins job to build CRW containers outside Brew (with sed transforms) and push to Quay directly
- Closed
- is related to
-
CRW-914 Push OSBS jobs to Quay broken (cannot rpm update skopeo to >=0.1.40)
- Resolved
- links to