Stephen Day

I've seen a similar issue: ``` panic: protobuf tag not enough fields in FileDescriptorSet.state: goroutine 1 [running]: github.com/gogo/protobuf/proto.(*unmarshalInfo).computeUnmarshalInfo(0xc000090820) /go/src/github.com/gogo/protobuf/proto/table_unmarshal.go:341 +0x17fb github.com/gogo/protobuf/proto.(*unmarshalInfo).unmarshal(0xc000090820, 0xc00008a5c0, 0xc000320000, 0x4752, 0x4952, 0x40c338, 0x20) /go/src/github.com/gogo/protobuf/proto/table_unmarshal.go:138 +0xe13 github.com/gogo/protobuf/proto.(*InternalMessageInfo).Unmarshal(0xc000077940,...

Are we interested in dependency or history? The main issue with dependencies is that it requires a way to merge configuration. This is much easier if this merge is done...

@philips So, does this become a side-chain? Where does that reference land?

@kamalmarhubi So, are you willing to trust the metadata indicating which version of libssl is present in the image? [Deep scanning](https://blog.docker.com/2016/05/docker-security-scanning/) is the only way to guarantee this. > Another...

> I would argue if you can't trust the metadata of the person pushing the binary then you shouldn't trust the binary either. While my statement above mentioned trust, this...

@vbatts It might be okay to include a parent reference. There is already a history of rootfs diffIDs. I think if we clarify whether these dependency references are to manifests,...

@RobDolinMS I'm not sure that #554 covers what I was looking for. I think this one is on my plate, but it will have to come after 1.0.

@WhisperingChaos "Classically", `history` has been a component of container images. The implementations embedded lineage directly in the format. However, these features come at great cost in distribution, security and runtime...

@WhisperingChaos We already have this DNA: the components of an image are content addressable. Links between components use these content addresses to maintain these relationships. Fields like ChainID, Parent, and...

@vbatts I did not intend for these to be related. #600 is just "append a string to keep us all sane". I still attest that we have the necessary _structural_...