Stephen Day

@philips Check out the [advanced documentation](https://github.com/docker/notary/blob/master/docs/advanced_usage.md). It demonstrates the use of a text file. For signatures, the key will be to focus on the signing target, be it a primary...

One time artifact generation with unattached signatures is the sweet spot for content addressable, sign-able content. Anything else creates too high of an engineering burden to maintain flexibility under future...

@philips According to the [proposal](https://github.com/opencontainers/tob/tree/master/proposals/image-format#initial-recommendation), this is part of the 1.0 specification. While it is optional for implementors, that proposal is unclear whether it is optional to specify the features...

I can't stress the importance of https://github.com/opencontainers/image-spec/issues/22#issuecomment-252031942 by @vbatts. For signatures to work and be compatible across implementations, we need to define two aspects: 1. What is the scope of...

To implement full gc, you really need to have knowledge of all the stored formats. It is a little unfortunate, but not entirely impossible implement in a DAG visitor model....

> How to explicitly describe that the blob does not depend on anything? IIUC an empty references cannot be used for that purpose, because it would means "media-specific" I'm not...

@vsoch I'm a little confused on what youre actually proposing. What problems does this solve? What changes are required in OCI?

While healthcheck is a part of docker images, I don't think the design has proven to be very effective. We've had a number of bugs in docker due to the...

There should be no validation of annotation data. Either way, the platform dispatch case is why you would want manifests with different names. @cyphar I may be misunderstanding something. Could...

@cyphar In general, the proposal to validate the contents of annotation field is a non-starter. Annotations are functionally meaningless from the point of the view of the specification. It is...