Steve Lasker
Steve Lasker
`list` would be the entire list of signatures for an artifact, while `inspect` would be details on a specific signature.
> So is the proposal to keep the public key in the repository/registry? It's been a discussion, but I think that kinda defeats the two-key/2fa effort, and don't believe this...
I've updated the title and description to clarify the scenario a bit more.
I've added [Balancing Security and Usability](https://github.com/notaryproject/notaryproject/discussions/159) for reference
How about `cncf.oras.*` What are these used for?
Of course, I'd like to see #178, but I wouldn't block and seems you can use `cncf.oras`, however that does presume the project is accepted, so I'd suggest holding this...
Just a clarification that we'll need to maintain support for ORAS artifacts, until all registries have migrated to the OCI Artifact spec. 1. Check if `/referrers` is supported (best future...
Ok, so much for accidental clicking. Where's the undo?
The lack of a vote, due to not having time to engage, or silent vote=no is strange. To not have the public vote, due to lack of interest is valid....