Chains should sign and attest to all Image Manifests in an Image Index #1070

Open
arewm opened this issue Mar 11, 2024 · 1 comment
Labels
kind/feature Categorizes issue or PR as related to a new feature.


arewm commented Mar 11, 2024

Feature request

If Chains is provided with an Image Index to sign and attest, it should recursively perform this same behavior for all referenced Image Manifests as well.

Use case

In order to improve the experience for increasing supported architectures for images, some build tasks may choose to always produce Image Index OCI artifacts even if there is only a single architecture referenced. As architectures are added to the Image Index, the Image Manifests should be signed without requiring that the specific pullspecs are included as results on the pipeline.

@arewm arewm added the kind/feature Categorizes issue or PR as related to a new feature. label Mar 11, 2024
Contributor

lcarva commented Mar 11, 2024

+1

This was discussed in chat a few days ago. The only concern raised was that this behavior should be behind a flag, at least initially.
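The traversal requested in the issue, gated by a flag as suggested in the comment above, sketched as an added example (not Chains code). The `recursive` parameter, the `SigningTargets` name, the in-memory `store` and the shortened digests are constructed assumptions; only the media type strings are real.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Media types that mark a descriptor as an index rather than an image manifest.
var indexTypes = map[string]bool{
	"application/vnd.oci.image.index.v1+json":                   true,
	"application/vnd.docker.distribution.manifest.list.v2+json": true,
}

// store is a constructed stand-in for a registry (digest -> index JSON).
var store = map[string]string{
	"sha256:aaaa": `{"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:1111"},
		{"mediaType":"application/vnd.oci.image.index.v1+json","digest":"sha256:bbbb"}]}`,
	"sha256:bbbb": `{"manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:2222"},
		{"mediaType":"application/vnd.oci.image.manifest.v1+json","digest":"sha256:1111"}]}`,
}

// SigningTargets lists digests to sign: the root index and, if recursive (hypothetical flag), all it references.
func SigningTargets(root string, recursive bool) ([]string, error) {
	seen, out := map[string]bool{}, []string{}
	var walk func(digest string, isIndex bool) error
	walk = func(digest string, isIndex bool) error {
		if seen[digest] { // dedupe shared manifests, stop on cyclic indexes
			return nil
		}
		seen[digest] = true
		out = append(out, digest)
		if !isIndex || !recursive {
			return nil
		}
		var idx struct{ Manifests []struct{ MediaType, Digest string } } // JSON keys match case-insensitively
		if err := json.Unmarshal([]byte(store[digest]), &idx); err != nil {
			return fmt.Errorf("index %s: %w", digest, err)
		}
		for _, d := range idx.Manifests {
			if err := walk(d.Digest, indexTypes[d.MediaType]); err != nil {
				return err
			}
		}
		return nil
	}
	err := walk(root, true)
	return out, err
}

func main() { fmt.Println(SigningTargets("sha256:aaaa", true)) }
```

With the flag off only the index digest is returned, which matches the behavior the issue describes today; an index that cannot be fetched or parsed surfaces as an error rather than a silently shorter signing list.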
