Ramkumar Chinchani
Ramkumar Chinchani
Not just the GC case, one could also DELETE a non-existent blob. This looks reasonable.
A cve scanner is a golang interface. https://github.com/project-zot/zot/blob/main/pkg/extensions/search/cve/cve.go#L32 High-level tasks for this. [ ] implement a new scanner with this interface [ ] check how it affects configuration model [...
https://github.com/google/osv-scanner
url field as it is used currently is potentially dangerous if pointing to a malicious source. One suggestion was to move the url under annotations just to satisfy regulatory requirements...
At least in the signature case, then one would have to push manifest (by digest) first, push the signature and then push the tag. However, would signature be able to...
Maybe this becomes a SHOULD. However, the following is a legitimate use case (cc: @sajayantony) > Ensuring metadata (like signatures) are available when the manifest is pushed for end users...
Yes, it may not be too bad in reality. Will let @sajayantony @sudo-bmitch weigh in on this one. Thanks for running the conformance tests, btw.
@tianon > upload image signature (subject -> image manifest, by digest) > update/add tag to point to new digest, signalling that the image is "ready" for use > (but not...
FWIW, putting some thoughts down ... 1. Related artifacts may be built and pushed from different CI pipelines and even different cloud providers (looking for best-in-class). Strong consistency requirements means...
@rgl sorry, could you rebase and push pls.