Uploaded image for project: 'OpenShift Runtimes'
  1. OpenShift Runtimes
  2. RUN-1880

Full OCI 1.1 image-spec and distribution-spec support

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • None
    • None
    • False
    • None
    • False
    • sst_container_tools

      OCI image-spec and distribution-spec 1.1 release is imminent.

      • The distribution spec requires (“MUST”) clients to add compatibility code to support “subject”/“referrer”s for pre-1.1 registries. (This is potentially relevant for signatures, SBOMs, attestations and the like, I’m not sure how much it is used in practice).
      • We should probably add support for storing sigstore signatures with the “subject” feature (assuming cosign does support that)
      • The image spec has added requirements about preserving unknown fields and not failing when encountering unknown MIME types. We probably need a code audit, and perhaps unit tests.

      See the checklists in https://github.com/containers/image/issues/2030 for more details.

      (The comparatively low-hanging fruit is https://github.com/containers/image/pull/2062 .)

            Unassigned Unassigned
            rhn-engineering-mitr Miloslav Trmač
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: