Brandon Mitchell

Definitely agree that an implementation would be useful. Summing up my comments from slack: I'd avoid doing this in registries that tend to avoid complex processing. If this is going...

This needs a signoff to pass the DCO check. I'm leaning towards approving it, but I'd like to first check if the major registries already require it, or that no...

We brought this up in today's call and it got a NACK from several maintainers. Registries can enforce this since it's a SHOULD today, and clients SHOULD include it and...

OCI added [warning headers](https://github.com/opencontainers/distribution-spec/blob/v1.1.1/spec.md#warnings) in a recent release that could be useful for implementing this feature.

Thanks. That's easy enough to permit. Let us know if #541 resolves it for your registry.

> I assume the `MUST be equal to the client provided digest` is the value of the reference. The clarifications needed are: > > 1. In case the reference is...

> I am proposing that the client provide the expected digest (while uploading a manifest by tag) by either adding a header to the request `Docker-Content-Digest: sha256:deedbeef...` or to the...

In addition to supporting the push of manifests by tag with a non-canonical digest algorithm, I think we need similar support when a blob is pushed with the digest only...

I'm still able to reproduce this in v2.1.10 by giving an artifact with a subject multiple tags.

The referrers response doesn't include tags, only the digest in the descriptor, so the same descriptor is listed multiple times. I don't think there's anything in the spec that says...