Pritesh Bandi

Whats the difference between this and https://github.com/notaryproject/notation/issues/240?

Having different defaults for different configurations will be confusing and cumbersome for customers/users. I think a setting like `configuration-behavior` with the default of `user` makes sense to avoid mis-configuration. If...

From security perspective Scenario 1 - works with user specific policy Scenario 2: works with user specific policy Scenario 3: - Can this work with specific user policy? usually dedicated...

As per discussion in Notary v2 meeting on 10/17 for RC1 we will only support user level config and punt system level config for RC2. Reason: We don't have a...

- [ ] We also need to make output script-friendly. - [ ] Comment 1 - https://github.com/notaryproject/notation/pull/373#discussion_r995365764 - [ ] Comment 2 - https://github.com/notaryproject/notation/pull/373#discussion_r995378752 - [ ] Account for both...

Isn't this proposal a variation of TOFU, consumer decides trust based on some property configured in the artifact. Also, I have a similar question as that of Samir's How will...

cc: @ianjmcm, @shizhMSFT

> This PR is on top of #167

Merged https://github.com/notaryproject/notaryproject/pull/193 and https://github.com/notaryproject/notation-core-go/pull/72

latest spec: https://github.com/notaryproject/notaryproject/blob/main/signature-specification.md#certificate-requirements