Asaf Algawi

One of the scenarios I was thinking about is having permission separation. Most or all registries do not permit pushing of SBOM or similar artifacts to registry without giving full...

TBH my use case was mainly concerning the approach where you actively refer to the alternate repository. But I must say the docs to not make it clear that this...

If this is the case, it means that I can't rely on the fact that the reference will remain there as time passes?

Hi @susanshi, thanks for the reviewing the proposal and for the update :)

@susanshi I've updated the proposal based on our conversation, also added two implementation proposal. a "simple" one which theoretically impacts Ratify's scalability, the second, a bit more complex, which affects...

Great I'll start with a POC for option 1 Get Outlook for Android ________________________________ From: Akash Singhal ***@***.***> Sent: Wednesday, October 16, 2024 8:36:54 PM To: ratify-project/ratify ***@***.***> Cc: Asaf...

It is hard to imagine a scenario where this setting is not applicable for a given artifacts type. If we assume that each artifact is complete and correct, there is...

@binbin-li wouldn't a better fit in this scenario is to validate all referenced signatures until the first match ? I mean the order here does not really matter, but from...

> note from the community meeting discussion. This should be feasible based on spec at https://github.com/oras-project/artifacts-spec/blob/main/manifest-referrers-api.md#sorting-results. We do have a question, if this new configuration is applicable to all artifact...