openscap-daemon icon indicating copy to clipboard operation
openscap-daemon copied to clipboard
verified publisher icon OpenSCAP

When pushing SPC openscap-daemon Docker images to Docker hub, please sign them

Open iankko opened this issue 9 years ago • 1 comments

Docker starting from 1.8 introduced concept of Docker Content Trust (The Update Framework):

  • https://blog.docker.com/2015/08/content-trust-docker-1-8/

which allows images to be signed when publishing to Docker hub. The consumers can later verify the producer of these images (prevent also image forgery, image replay attacks etc.)

We should start using this functionality when creating openscap/openscap-daemon-* SPC containers:

  • https://hub.docker.com/r/openscap/openscap-daemon-f23/
  • https://hub.docker.com/r/openscap/openscap-daemon-f22/

This is more RFE, than a real bug.

iankko avatar Apr 25 '16 12:04 iankko

I suggest closing this ticket as we don't publish SPCs on Docker Hub anymore, instead there is a container in Red Hat Registry.

jan-cerny avatar Jun 08 '17 08:06 jan-cerny