Brandon Mitchell
Brandon Mitchell
> The hosted requirement causes a lot of confusion and I think it makes sense to remove it from L2. What happens to it then, though? I think we can...
> Accessing the SBOM and attestation references requires manually constructing the registry references with string interpolation. If I understand the concern correctly, storing metadata using the cosign tags is considered...
@opencontainers/runtime-spec-maintainers PTAL
With the 1.1.0 release, I believe we can close this out. My apologies that we weren't able to make an interim release happen.
I'm fine with removing ChainID, but not the config.rootfs section. That would result in a non-unique Image ID, breaking downstream consumers including Docker and Kubernetes.
> It's been a while since I looked at the specs in enough detail ... but is this still true in our new containerd world? See https://github.com/opencontainers/image-spec/pull/1173
> We should do this otherwise any innovative work to move away from the layer model will require having a "non-compliant" image config. The rootfs section should not be removed...
I'm really torn on this one. Lots of registries have various restrictions, like character restrictions on user names, that impact the repository name in a way I don't think we...
Perhaps an implementers note for registries. They should avoid allowing repositories plus a hostname more than 255 characters long to support older clients. And clients should avoid length limits to...
Thinking about the value this gives me, I'd phrase this as wanting a "well maintained and properly secured build server". We can this list examples of what we consider typically...