dlorenc

Thanks! Would you like to try fixing this? It should be as simple as modifying the Dockerfiles in https://github.com/GoogleContainerTools/kaniko/blob/master/deploy/Dockerfile

Hmm, if you mount it in as a volume during the run (either docker or k8s) then it should not get overwritten. Would that work for your use case?

> The current proposal adds a singular `reference` to descriptors and image/index objects. I think this is cleaner in most cases, but it's not as concise as a list of...

> A few that I can think of based around the image signing work. > > 1. A key nears it's expiration, a new key is generated, and the new...

> this is no longer something we can shoehorn into existing registries, so we may as well come up with the solution that makes the most logical sense. This proposal...

Wait - I think I misunderstood what you're saying about the "list attached objects" API. To make sure I understand: My proposal currently returns a list of "pointers" to attached...

Right - I think the two are actually complementary. The only challenge I can think of here with inlining data in the list response will be clients now knowing what...

> One may need to reference multiple descriptors from one descriptor. Two use cases I can think of is multiple SBoMs and multiple signatures establishing a chain of trust. I...

> I'm not following the logic to artificially constrain future expansion of this based on the use cases we see today, I'd flip this around. Concrete use-cases don't add artificial...

> Are you expecting the proposed [artifact manifest](https://github.com/opencontainers/artifacts/pull/29) to solve the problem of top-down linking? I wonder then why one would need the "bottom-up" linking in this proposal. I'm not...