Sajay Antony
Sajay Antony
Post call @toddysm and I discussed the issue of cert add without a scope. Basically what is the use of having a certificate without a scope. For example `notation cert...
The az acr login just invokes docker login with an EMPTY guid username and the token that you can obtain through `--expose-token`. Does dobi and docker CLI use the same...
@konstantinblaesi I was able to test this with a private ACR. If there is an updated tag then dependabot-core is able to access the registry/list tags and also show the...
@pavera I tested with admin creds first and then moved onto AAD - 1. SPN (AppId and password) ``` az ad sp create-for-rbac -n "sajaya-dependabot-testuser" --role "Contributor" \ --scope $(az...
@jeffwidman - Could you clarify this ? > From looking at the HTTP header replies from ACR, they don't return a OCI-compliant WWW-Authenticate header pointing to a token server. What...
I think it would be helpful to output the full descriptor to a file. without that how is the user planning to use this ? /cc @shizhMSFT We can however...
@shizhMSFT @FeynmanZhou - it would be good to start discussing how the ORAS CLI and library can start thinking about using the OCI artifact manifest as well. Having it default...
Yes I understand the decision. I’m asking how do we plan to change the default to use the OCI manifest if that would become the preferred way. Basically consider how...
Should we decide if this is the roadmap or not and close the PR?