-
Epic
-
Resolution: Duplicate
-
Normal
-
None
-
rhel-10.0.beta
-
[RHEL EPIC] Adopting Sigstore for Containers - RHEL 9.5
-
-
Red Hat Enterprise Linux
-
rhel-sst-container-tools
-
False
-
-
Dev ack
Epic Description
Begin using Sigstore signatures for container signing in RHEL / UBI.
Detailed Sigstore rationale and background here.
There is no work here for the Development Team, this is mostly work for packaging, and possible work for QE and Documentation.
SME: Miloslav Trmac
Goals
Adopting sigstore for signing RHEL/UBI based containers provides a more ergonomic experience for users and is in line with wider container-signing plans.
RHEL/UBI 7/8/9 will continue to have simple-signatures. RHEL 10 images would be sigstore only.
Note: simple-signing code will not be removed from RHEL container tools, so any user re-signing workflows will continue to function.
Requirements
All supported versions of RHEL container tools in RHEL and in layered products must have the code paths and correctly configured policy in order to use UBI10 containers from RHEL9 based systems.
(Optional) Use Cases
Out of Scope
Background, and strategic fit
Assumptions
Customer Considerations
Documentation Considerations
Interoperability Considerations
Questions
Question | Outcome |
- clones
-
RHEL-33555 [RHEL EPIC] Adopting Sigstore for Containers - RHEL 9.5
- Closed