Brandon Mitchell
I'd say this applies not only to clients verifying signatures, but also to ephemeral CI build nodes that are signing images. At least some users will perform the signing as...
Updates to scenario 11 LGTM. It does a good job focusing on the goal without the implementation (e.g. we don't say the chain must be stored in the registry).
Revisiting the priority ordering discussion, it might help for me to write out my scenario for why I don't see the value of the priorities and perhaps @mnm678 can describe...
@mnm678 at any one time, a tag will only point to a single digest from the registry. (It gets more complicated than that with multi-platform images, but I don't think...
At least with the next release, I don't think there will be any tag signing guarantees (which makes me push back if we try to call it GA). When we...
The scenarios are close enough, and I'm involved enough with the rest of the spec process, that I'm fine if this gets closed. The difference to me is in implementations....
I don't know a good way to differentiate between an expected exit, an unexpected exit, and a container that hasn't started yet. PRs welcome, but it should gracefully handle the...
It's not really a hash collision. A hash collision would be the reverse of this: two different images with the same hash. Since the hash is on JSON, and there...
Since this involves creating a tempdir, writing a binary, and executing that binary with an interpreter, ideally this would only be called once, and only if needed for a user...
> The line you linked only gets called once on daemon boot. Yup, but it did the same work on line 699 if it wasn't cached already (which it wouldn't...