►
From YouTube: CNCF Notary 2020-06-01
Description
CNCF Notary 2020-06-01
A
A
A
B
Cool
we
have
Steve
Miller,
Slav
and
Samuel
here
have
been
probably
the
three
most
active
people
and
writing
comments
in
the
document.
So
that's
really
good
to
see
because,
as
I'm
sure
you
all
have
seen,
we've
just
gone
and
tried
to
resolve
a
bunch
of
those
and
I
also
want
to
thank
others.
I
see
a
lot
of
other
folks
that
are
on
this
call
is
also
having
helped
out
and
mention
things
here
in
there
that
we
we
took
a
look
at,
but
I
think
you
know.
C
B
B
There
is
one
I
know
we're
still
kind
of
waiting
for
people
to
show
up
so
I'm.
You
know
before
kind
of
like
launching
in
with
a
lot
of
detail.
I
will
say
that
there
is
one
change,
that's
been
on
the
surface,
moderately
substantive,
but
isn't
particularly,
which
is
that
we
were
discussing
a
mechanism
to
provide
a
property
we
needed,
and
when
we
went
back
to
look
at
that
mechanism,
we
decided
that
we
just
wanted
a
simpler
mechanism
that,
for
the
purposes
of
notary,
would
do
exactly
the
same
thing.
B
For
this
we
realized
that
those
use
cases
were
not
as
pressing
or
important
and
that
really
the
case
that
was
needed
for
notary
v2
and
pipey
I
together
was
really
the
only
case
that
mattered
and
so,
as
a
result,
we
were
able
to
do
a
much
simpler
design
and
I'm
really
glad
to
see
Evan
joining,
because
I
think
he
was
involved
with
the
original
tap
v
proposal.
That
we
ended
up
at
least
the
current
thinking
is.
B
A
B
Right
so
we
tried
to
look
through
the
scenarios
and
understand
how
a
design
would
fit
in
to
that
and
I'll
start
to
talk
through
some
of
those
cases.
Some
of
the
problematic
scenarios
that
people
have
brought
up
in
a
moment
I
do
have
one
more
like
very
minor
kind
of
housekeeping
thing.
I
wanted
to
mention,
which
is
that
in
a
few
places
in
the
text,
you'll
notice
there's
a
little
bit
of
orange
text.
This
is
text
that
has
been
added
in
lieu
of
something
that
we're.
B
B
B
I
forget
someone
pointed
it
out,
but
the
the
thing
that
was
that
was
questioned
about
is
when
the
targets
metadata
points
to
a
specific
location
for
an
image
like.
If
you
imagine
that
the
thing
the
target
refers
to
isn't
isn't
just
like
the
name
of
a
piece
of
content,
but
is
a
URL
to
a
piece
of
content.
So
it's
not
like
a
file
like
it's
not
like
it's
like
a
fully
qualified
domain
name,
rather
than
like
a
relative
path
to
data.
B
There
has
to
be
a
way
to
address
this
and
there's
a
couple
of
ways
to
address
this
I
think
this
is
a
problem
both
and
it's
a
problem
today,
notary
v1
and
the
reason
why
I
think
that
this
typically
isn't
a
problem
for
other
tough
deployments
is
I,
don't
believe
other
tough
deployments
you
URLs
when
they
refer
to
things,
I,
think
fully
qualified
domain
name
style,
URLs,
I,
think
everything
is
always
done
in
a
way.
That's
that's
like
absolute
to
data
storage.
That's
on
the
system
that
you're
going
in
like
retrieving
from
or,
alternatively
there's.
B
Like
elsewhere,
and
it's
some
distant
URL
because,
like
the
more
typical
way
would
be
to
just
mirror
like
mirror,
is
the
wrong
word,
but
to
copy
all
the
content
over
in
and
by
the
way,
and
also
just
sort
of
references.
If
anybody's
trying
to
like
like
look
at
this
and
wants
to
read
something
other
than
what
I'm
you
know,
the
words
coming
out
of
my
mouth
there's
a
section
here:
copying
images
to
a
new,
perhaps
private
registry,
or
mirror
that's
about
2/3
or
maybe
halfway
through
the
document.
That
also
describes
this
process.
A
A
A
You're
right,
the
packages
that
are
referenced
are
decoupled
from
the
package
manager
at
references,
and
we
see
this
more
and
more
as
more
of
these
package
managers
are
being
stood
up
for
private
package
management
with
NPM
and
may
have
been
and
so
forth.
So
what
it
allows
is
it
allows
me
to
reference
something
as
a
deployment
and
then
is
a
separate
configuration
say
by
the
way.
I
want
you
to
get
that
package
from
this
other
package
manager
or
registry.
A
So
you
can
interchange
those
words,
because
that
is
the
root
of
the
problem
that
we've
been
avoiding.
It
comes
up
in
a
couple
different
ways
when
we
talk
about
everything
from
layers
to
signatures,
to
even
things
like
helm,
charts
and
so
forth,
because
the
fully
qualified
names
are
baked
in
and
what
I'm
just
wondering
you
know
it's.
It's
totally
bubbling
up
because
the
problem
I'm
trying
to
totally
bubble
it
up
because
we
seem
to
be
continue
to
try
to
design
without
understanding.
D
B
One
is
is
that
you
need
to
know
where
to
actually
go
to
get
the
damn
thing
and
two
is
usually
you're
relying
on
HTTPS
to
go
and
give
you
the
thing
that
in
a
way,
that's
trustworthy,
but
you
don't
need
the
second
property
here,
because
you
already
have
a
secure
way
of
knowing
what
the
secure
hash
of
the
thing
is.
That
you're
retrieving.
Is
you
already
have
a
like
a
signature
over
over
the
hash
of
the
thing
that
you're
gonna
get?
B
So
you
don't
need
to
worry
about,
have
I,
you
know,
am
I
being
given
the
wrong
thing.
Then
it
just
becomes
a
problem
of
given
this
name.
How
do
I
know
where
to
get
it,
and
so
for
the
offline
Mir
case
this
concept,
where
you
know
you
could
go
and
someone
could
say
hey
to
get
these
target
names.
I
have
these
target
names
like
so,
if
you're
trying
to
request
this,
this
string
come
here
and
I
will
give
it
to
you
and
it's
you
know,
because
you
know
the
size,
you
know
the
hash.
B
A
You
can
continue
to
bury
it
down.
Well,
at
the
end
of
the
day,
they
don't
really
care.
It
came
from
MC.
Are
they
care
that
it
came
from
Microsoft
or
that
came
from
a
bun
or
it
came
from?
You
know,
Adobe,
whoever
the
and
then
you
have
the
other
aspect
of
it,
that
inside
of
a
deployed
environment,
the
environments
locked
down
their
network
to
be
the
to
the
sources
they
trust.
A
It
pulls
it
from
is
something
we
don't
deal
with
today
in
registries,
customers
have
hacks
that
they
kind
of
make
up
their
own
design
around
it,
but
and
then
have
a
third
entity
that
says
by
the
way,
regardless
of
where
you
got
this
thing
from
here's:
a
collection
of
the
people
that
have
attested
to
this
content,
so
it
could
be
Microsoft.
It
could
be
my
within
my
canto,
so
company,
it's
the
test
environment
signed
off
to
this
content.
B
I
mean
so
all
the
things
you
described
here
can
be
done
like
are
done
basically,
assuming
once
again,
you
have
this.
You
know
this.
Whatever
way
this
is
name
mapping
you
want
to
have
work,
it
works
just
fine
here.
The
the
you
know,
one
thing
I
would
say,
though,
is
just
to
be
clear.
So
in
general,
the
way
you
need
this
to
work
for
security
is
you
need
to
figure
out
for
my
namespace?
What
are
the
who,
like?
What
are
the
you
know?
B
Should
this
thing
be
in
my
name,
space
based
on
who
trusts
and
what
I
said
is
supposed
to
happen
right
and
if
there
are
other
signatures
and
things
that
aren't
related?
Maybe
someone
at
some
point
cares
about
this
or
you
need
a
way
to
look
this
up,
which
is
all
very
possible
to
do,
but
it's
it's
sort
of
not
as
prevalent
for
you
verifying
a
file
if
random
party
X,
who
you've
never
seen
and
never
heard
of
signs
an
image.
B
So
we're
not
kind
of
you
know
we
wouldn't
be
providing
all
the
signatures
on
an
image
basis,
because
this,
what
we're
proposing
here
doesn't
store
signatures
on
a
per
image
basis.
It's
you
know
the
way
that
you
and
other
parties,
you
know.
Basically
the
you
know
like
the
you
or
your
organization,
sets
up
your
namespace
for
tags
and
everything
like
this,
and
then
you
only
use
the
metadata
the
targets
metadata
and
things
you
know
for
those
things
that
are
in
your
namespace
that
you're
gonna
be
using.
B
A
The
part
that
I'm
not
sure
I,
fully
understand
that
I
understand
the
analogy,
because
I
think
one
of
the
things
I
continue
to
hear
is,
and
we've
been
trying
to
solve.
This
impedance
mismatch
up
conversations
at
times.
So
it's
like
I'm
trying
to
stand
we're
about
tough
you're,
trying
to
say
more
about
how
the
registry
stuff
works
and
the
the
there
seems
to
be
an
over
a
big
focus
on
package
managers
which
are
all
public
and
they're.
A
Slowly,
learning
they're,
not
slowly,
learning
they're,
slowly
becoming
more
and
more
private,
copies,
see
more
and
more
investments
being
made
and
how
companies
could
have
private
NPM
as
mavens
and
so
forth,
but
the
the
general
pattern
people
use
are.
These
are
publics
and
I
kind
of
have
a
mirror
concept
in
container
registries
because
they
are
we've
shifted
from
package
managers
that
are
part
of
a
development
resource
that
are
more
upstream
and
it's
not
as
critical
that
they're
as
reliable
as
trusted
and
so
forth,
as
opposed
to
production,
where
they
actually
must
be
critical.
A
I
will
not
have
them
being
anywhere
else.
That's
but
that's
public
and
if
I'm
still
referencing
it's
because
somebody
hasn't
realized
it
yet
so
in
the
container
registry
space
it
is
much
more
focused
on
signing
that
individual
artifact
that
says
I
trust
it
for
my
environment
now
I
also
want
to
know
it
came
from
a
trusted
entity.
So
there's
two
aspects
of
it,
so
I
I
think
it.
B
A
question
so
you
know
I
think
the
thing
that
that
it
has
been
the
stumbling
block
here
is
is
that
you
could
separately
upload
every
single
signature
you
make
for
every
single
image
in
some
way,
which
is
basically
what
what
you're
proposing
is.
You
signed
some
piece
of
metadata
that
you
upload
the
assignments
or
you
could
sign.
You
could
send
a
piece
of
meditated
says
these
are
the
signatures
that
I've
made
and
what
we
describe.
B
Other
people
probably
have
other
things.
I
think
you
know,
I
I
think
we
would
be
happy
to
talk
more
with
you
about
that
case
and
for
others
that
are
interested
in
and
have
that
same
that
same
kind
of
question.
We
could
talk
about
it,
but
we've
also.
Maybe
should
you
know?
Actually
they
talk
through
a
broader
set
of
the
questions
that
people
have
so
Samuel
I.
Think
your
comment
you're
indicating
that
option
one
is
something
that
like
Amazon,
wouldn't
use,
which
I
think
makes
a
lot
of
a
sense.
This
is
this
option.
B
C
B
B
B
But
are
you
in
this
case?
Are
you
trying
to
say
you
want,
like
some
other
type
of
metadata
like
in
toto
metadata
or
like
s
bomb
or
something
like
this?
That
is
used
as
part
of
the
trust
that
isn't
tough
or
are
you
I'm
or
maybe
I'm,
just
confused
in
general?
Like
do
you
mean
a
root
file
or
something
like
this
or
like?
What's
the
I'm
just
slightly
confused
about
the
point
you're
making.
D
I'm
not
even
if
that
helps
what
I
hear
is
that
customers
want
or
imagine
they
want
to
make
a
copy
of
a
public
image
signed
by
the
entity
who
created
the
image
and
interlock
Luminara
to
add
an
extra
signature
to
indicate
a
dissymmetry
salute
for
for
private
use
for
a
within
the
company
now
I'm,
not
hugging
and
salt
or
other
issues
of
values
of
signatures,
because
you
have
to
do
it
and
difficulties
with
revocation.
But
that's
what
I
hear
that
customers
imagine
using.
B
D
D
B
That
that's
not
difficult
like
the
in
in
tough.
You
would
never
get
rid
of
the
original
signature
like
it's
not
like,
there's
a
place
where
you
have
to
put
a
signature,
and
you
have
to
pick
Alice
or
Bob.
Its
Alice
has
a
metadata
file
where
she
signs
things
and
Bob
has
a
metadata
file
where
he
signs
things
and
so
in
what
you
would
do
in
the
tough
cases.
You
would
have
it
where
you
would,
you
would
go,
and
you
would
say
well,
both
Alice
and
Bob
have
to
sign
it
right
and
that's
like
I
said.
B
D
C
A
A
I'm
not
sure
if
a
mirror
like
it
it'll
be
interesting
for
us
to
think
about.
If
mirror
is
something
we
really
want
to
do
like
we,
we
tend
to
move.
Oh,
we
recommend
away
from
mirrors
because
the
stability
issues,
but
if,
if
you
would
didn't
use
the
word,
mirror
and
said
I
copy
that
Ubuntu
image,
that's
signed
by
bun
too
and
still
valid,
but
the
new
version
of
it
I
have
not
verified
works
in
my
environment,
my
being
my
company,
so
the
contoso
company,
so
inside
contoso.
A
I
want
to
know
that
that
updated
image
that
I
copied
to
my
private
registry
or
my
even
might
might
be.
My
corporate
private
registry
I
made
sure
that
that
happened
to
image
passes
all
the
certifications
inside
the
contoso
company.
If
it
does
I
put
a
contoso,
you
know
corporate
signature
on
it.
That
says
passes
you
know
whatever
and
then,
because
there
happens
to
be
in
a
bun
to
image.
You
know
the
assumption
is
somebody's
gonna
put
something
on
it.
The
Java
team
inside
of
our
company
builds
the
Java
Runtime
they
put
on
it.
A
They
sign
it.
So
now
it's
got
a
bunch
of
signature,
it's
got
a
contoso
security
signature,
it's
got
a
Java,
Runtime
signature
and
then
the
individual
teams
that
write
apps
that
deploy
on
top
of
that
Java
Runtime,
say:
they've
tested
this
in
this
environment
so
that
by
the
time
it
gets
to
the
AKS
or
the
kubernetes
environment.
There's
a
configuration
there
that
says
in
this
kubernetes
environment
it
must
be
signed
by
Ubuntu,
contoso,
Corp
and
the
web
analytics
team.
That's
deploying
that
particular
image.
B
Right
and
you
can
do
all
of
that
in
several
ways
with
with
top
you
can
literally,
if
you
want
to
put
things
in
separate,
tough
repos,
you
can
say
like
this
tough
repo
and
that
tough
repo,
the
metadata
there
has
to
agree
or
you
can
go
in
and
have
your
targets
metadata
inside
of
a
single,
tough
repo,
where
you
keep
that
all
that
metadata
together.
So
there's
there's
multiple
different
ways
to
do
it,
depending
on
exactly
what
you
want
to
do.
It's
it's
very,
very,
very
much
supported
and
there
are
options
yeah.
B
B
If
people
can,
you
know,
continue
to
add
comments,
or
things
like
that.
We'll
put
some
mention
of,
for
instance,
the
use
case
that
the
scenario
that
Steve
Lasker
posted
in
the
zoom
group
chat
and
others
like
that
and
try
to
make
those
clearer
in
the
document
to
make
sure
we
haven't
missed
anything,
and
you
know
I,
think
that
you
know
I've
been
encouraged,
though,
from
what
I've
seen
from
people's
comments
here.
There
have
been
questions
about
like
well.
How
do
we
do
this,
or
how
do
we
do
that?
B
A
It
would
help
if
you
can
ground
that
back
into
what
again
it's
just
which
problem
that's
trying
to
solve,
because
I
think
there's
that
part
of
it
like
we,
many
of
us
have
millions
upon
millions
of
content
in
the
registries
that
you
know
have
no
correlation
with
each
other.
So
the
idea
that
I
have
millions
of
signatures
isn't
that
a
big
deal,
because
it's
there
associated
with
there
are
things
but
to
have
some
kind
of
uber
graph
across
all
of
them.
It's
not
clear
how
how
that
would
scale
or
even
why
it's
needed
well,.
B
C
B
Yeah,
so
so,
we'll
I
think
you
know
we
should
probably
let
people
that
need
to
go.
Go
I
can
stick
around
and
talk
for
a
few
minutes,
but
this
is
exactly
the
thing
in
the
third
paragraph
of
the
introduction.
The
big
example
there
that
we
we
talk
through
so
yeah
but
I
don't
know.
Does
anybody
have
anything
else
we
should
discuss
or
should
have
discussed
for
this
meeting.
B
All
right
thanks
I
just
wanted
to
be
cognizant
of
everybody's
time
and
not
just
try
to
you
know
not
not
hold
people
over
well.
We
we
dig
into
two
things.
Unless
that's
something
everybody
wants
to
hear,
okay,
so
I
guess
what
we
should
do
now
with.
Is
you
want
to
go
through
the
scenario
in
the
third
paragraph
again,
I.
B
B
You
know
effectively
the
reason
why
is
because
there
was
a
security
release
or
some
other
issue?
Okay,
so
keep
in
mind
here
that
that
we're
not
saying
that
if
you
say
I
want
one
point,
three
point:
one
that
that
one
point
three
point,
one
as
a
tag
is
going
to
point
somewhere
different
because
there
probably
is
only
ever
one.
One
point
three
point:
one
right:
we're
really
worried
about
the
case.
B
One
point
latest
here:
okay-
and
there
is
definitely
a
potential
security
problem
for
people
that,
if
you're
able
to
make
one
point
latest
point
to
anything
that
one
point
late
is
ever
pointed
to.
If
you
compromise
a
repo,
because
you
can
pick
and
choose
an
outdated
version
of
something
that
is
an
outdated
thing,
that
the
tag
pointed
to
that
that
may
have
vulnerabilities
or
how
about
their
big
problems.
So.
A
D
B
Yeah,
there's
actually
a
really
nice
conversation
that
Miele
Slav
and
true
shank
had
in
the
document
that
really
captures
a
lot
of
this.
Like
the
longest
comment,
the
comment:
that's
like
the
length
of
the
document
at
least
the
way
I
view
it
is,
is
really
awesome
and
we
should
probably
move
to
an
FAQ
and
I
think
answers
at
least
parts
of
this,
but
really
anywhere
where
someone
has
an
opportunity
to
tamper
with
it,
whether
it's
them.
B
D
But
I
think
this
short
version
of
that
long
variety
is
that
if
you
have
snapshots
better
repository,
then
you
only
detect
rollbacks
when
you
fetch
from
the
same
repository
again,
and
if
there
is
a
snapshot,
para
the
whole
registry
server,
then
every
time
you
pull
any
image
from
there
from
the
registry.
You
capture
stays
from
the
registry,
the
snapshot
and
then
you
control
back
to
in
any
repository
on
that
registry.
D
A
A
To
wrap
my
head
around
that
problem
and
if
it's
the
answer,
is
it
solves
that
problem
any
other
things
maybe
but
I
like
the
hacking,
the
CDN
hadn't
really
thought
about
it's
an
interesting
one:
hacking
a
registry.
Is
this
the
only
thing
that
solves
it,
because
if
once
you
once
you
depending
on
how
you've
hacked
the
registry,
because
that's
part
of
the
idea
is
that
if
you
have
the
keys,
you
don't
have
the
keys,
then
you
hacking
can
only
do
so
much.
But
to
your
point:
if
I
don't.
D
A
The
keys
but
I
can
retarget
a
tag
reference
to
an
old,
valid
image
because
it's
still
with
the
same
key,
it's
still
signed
by
a
bling
and
we're
not
invalidating
a
bun
because
we're
saying
no
but
bun,
still
good.
If
that
image
is
still
good,
it
happens
to
have
some
vulnerability
in
it.
But
that's
the
nature
of
all
content,
so
I
I
could
kind
of
get
that,
but
I
I
guess
I'm
still
trying
to
understand
the
how
you
go
wellmaybe
sure
how
you
going
about
this
problem.
A
B
So
the
thing
the
part
of
this
design,
what
it
does
is
the
repository
itself.
Unlike
the
vanilla,
tough
speck,
the
registry
itself
doesn't
indicate
trust
in
tags.
It
doesn't
indicate
tags
what
happens
here.
This
whole
tap.
Thirteen
thing
is
talking
about
how
the
user
ends
up
being
the
what's
effectively
the
the
namespaces
root
of
trust,
while
the
information
they
get
all
comes
from
the
repo.
That's
where
this
whole
tap.
Thirteen
is
all
about.
B
So
it
means
that
even
if
an
attacker
goes
and
breaks
into
your
registry,
all
they
can
do
is
the
same
sorts
of
things
they
could
do
with
like
rollback.
For
you
know,
in
midlist
labs
example
like
a
day
worth
of
information,
if
you
update
every
day
you
have,
you
know
you
have
a
very
small
window
where
they
could
say.
B
Oh
you
know,
actually,
three
hours
ago,
somebody
pushed
a
bug
fix
like
a
new
version
of
the
tag,
but
you
won't
you'll,
never
see
it
because
the
attacker
did
it,
but
they
can't
roll
you
back
more
than
24
hours
ago.
If
you
update
every
24
hours,
think
they
can
never
make
it.
They
do
that.
So
it's
you
know
and
they
can't
make
a
tag
point
somewhere.
There
didn't
the
point
before
that.
Looking
pointed
to
you,
so
it
really
limits
the
damage
that
can
be
caused.
A
A
B
Because,
if
it's
just
associated
with
the
tag,
then
you
don't
have
the
like
the
timeliness
information.
You
don't
know
when
things
change,
if,
if
you
knew
the
only
thing
I
will
ever
install,
is
exactly
this
one
thing
here.
If
my
entire
namespace
will
only
ever
be
this
thing
and
I'll
never
need
to
think
of
anything
else
and
I
only,
and
it's
only
what
this
person
tells
me
or
these
five
people
tell
me
about
this
thing:
that's
all
I
will
ever
ever
ever
care
about.
B
Then
you
could
literally
put
that
metadata
from
those
five
people
into
a
single,
tougher
repository
and
keep
that
like.
Have
the
snapshot
contain
that
information
and
keep
that
up
to
date
and
be
protected
from
rollback,
because
what
you
need
to
know
is
every
time
you
talk
to
the
repo
you
need
to
know.
What's
the
latest
version
of
metadata
from
these,
like
five
people
that
I
that
I
that
I
need
to
get
the
latest
version
of
what
they
tell
me,
tags
are
and
you're.
A
A
Reference
to
repo
another
artifact
in
that
same
repo,
like
the
bun
two
versions
from
yesterday,
you're
worried
about
the
debit.
Somehow
that
they're
pointed
at
the
Debian
image
and
a
whole
nother
that
double
you
know
point
or
two
too
difficult
to
compare.
If
I
had
a
different,
a
bun
to
image
and
a
different
repo,
how
would
could
I
point
my
latest
tag
at
that?
A
Is
that
what
you're
trying
to
progress,
because
I
and
I'm
this
is
where
I
get
confused
and
whether
it's
the
terminology
issue
of
registry
and
repo
having
an
index
on
a
particular
repo
that
I
buy.
You
know
that's
a
fairly
significant
thing,
having
any
kind
of
metadata
that
spans
multiple
repos
is
the
part
that
I
don't
really
buy
into
we're.
B
B
Okay,
so
the
most
secure
thing
would
be
from
from
a
timeliness.
Standpoint
would
be
to
for
anything
you
might
ever
want
to
install
anything
anywhere
in
your
potential
namespace
to
always
know
the
version
of
all
metadata,
because
what
that
would
do
is
that
would
give
you
like
the
ultimate
protection
against
like
rollback
and
these
other
three
types
of
attacks
right
and
then
the
other
end
of
the
spectrum.
B
Is
you
only
know
what
you've
downloaded
it's
basically
you're
blind
to
everything
else,
and-
and
so
this
is
like
the
/,
the
/,
like
imaged
metadata
scenario
and
the
problem.
There
is
exactly
the
problem
that
we've
been
talking
about,
that
that
basically
people
can
play
all
sorts
of
games
with
tags,
and
you
don't
have
a
way
of
knowing
that.
So
what
what
you
want
is
you
want
something
where
the
you
actually
from
a
security
standpoint.
You
want
a
tough
repository
to
be
as
large
as
possible,
like
in
the
case
of
pi
PI.
B
B
Think
that
that
you
know
that
it
may
be
possible
and
efficient
to
do
that
as
well
here
to
have
a
register
have
a
single
repository
you
know
once
again,
then
we
have
to
start
to
get
into
the
side,
conversation
of
privacy
and
all
these
other
things
which
one
of
our
design
options
addresses
quite
well
and
the
other
one
pumps
to
the
side
by
saying.
Well,
what
will
happen
is
is
that
private
data
needs
to
be
isolated
data
that
needs
to
be
private
from
other
data.
B
It
needs
to
be
contained
each
each
subset
of
that
needs
to
be
contained
in
a
separate
repo,
just
to
hide
the
metadata
aspects,
but
not
actually
from
an
efficiency
like
from
a
you
know.
It's
just
a
way
of
hiding
the
metadata
effectively
it
the
way
in
which
that
that
works.
But,
ideally
you
want
that.
You
know
from
a
security
point
on
that
spectrum.
You
want
as
much
content
as
possible
that
someone
might
install
in
really
everything
to
all
end
up
in
the
same
repo,
okay,.
B
A
A
pipe
from
a
public
read
a
public
distribution.
You
know,
I,
could
kind
of
understand
some
of
that,
like
all
the
things
across
all
a
pipe
I'll
and
I,
get
that's
the
difference
between
this
and
pipe
I
like
here
with
registries,
even
docker
hub
being
the
public.
One
still
has
private
registries
because
that's
how
they
make
money.
A
So
the
problem
when
you
get
into
privates,
is
they
intentionally
don't
or
want
to
share
content
and
have
any
crossing
of
information,
because
you
risk
leaking
any
information
across
that
are
its
private
and
even
within
a
company
we
have
multiple
teams
that
share
the
same
registry
that
don't
want
their
information
shared
with
the
other.
So
it's
probably
trying
to
make
sure
that
the
latest
of
something
is
the
latest
yeah.
B
And
you
know,
and
as
we
talked
about
in
the
document,
there's
there's
two
ways
that
can
happen.
One
is
to
just
have
the
tough
repos
be
set
up
right,
so
there's
clearly
no
leakage.
The
other
is
is
that
you
use
a
Merkel
tree
and
your
Merkel
tree,
so
the
two
things
scalability.
First
of
all,
if
you
have
a
Merkel
tree,
the
depth
of
the
Merkel
tree
is
logarithmic
in
the
number
of
items
in
the
thing.
B
So,
even
if
you
have
a
billion
items
like
in
this
would
be
a
billion
people
that
use
a
single
registry
and
have
their
own
metadata
file.
Then
you
have
to
download,
like
30
hashes,
in
order
to
verify
something
30
like
you
know,
sha-256
hashes
or
whatever
else.
That's
tiny,
that's
small
it
just
it
just
doesn't
add.
A
B
At
some
point,
when
you
need
to
generate
a
new
one
which
you
do
periodically,
you
just
take
all
the
content,
that's
in
the
repo
as
of
that
moment,
and
then
you
it's
basically,
you
know
as
though
you're
putting
it
in
a
file
to
sign
it.
You
just
go
through
and
generate
that
metadata,
and
then
you
have
it.
You
have
it
for
the
next
period.
B
It's
it's
like
the
same
process.
You
would
go
through
to
generate
like
a
snapshot
file
only
instead
of
generating
one
and
file
you're,
creating
what
are
basically
either
a
whole
bunch
of
small
files
or
a
single
file
that
you
can
then
pull
the
the
right
hashes
out
to
reconstruct
the
thing
and
give.
But
let
me
let
me
kind
of
yeah,
so,
let's
just
say,
like
I
think
we
can
convince
you
the
convince
everyone
that
it
both
scales
and
there's.
B
There's
multiple
solutions
and
part
of
what
we
want
to
do
is
provide
information
about
what
the
cost
would
be,
what
the
efficiency
is
and
so
on
of
those
and
how
people
look
at
that.
But
that's
one
area
that
we
unfortunately
didn't
get
to
in
the
in
the
past
week
or
two
was
kind
of
an
apples
to
apples
comparison.
But
you
know
we
may
be
asking
you
guys
for
some
real
actual
data
or
you
know,
I
think
that.
C
A
I
got
a
drop
off
because
I
got
a
living
through
also,
but
I
got
a
couple.
Minutes.
I
think
that
by
scoping
this
to
saying
you're
trying
to
make
sure
there
there's,
you
know
I
guess
of
the
two
scenarios:
there's
updating
of
stable
tags
and
there's
unique
tagging.
Unique
tagging
isn't
a
problem
because
it's
always
unique
and
you
know
it
doesn't
change
the
and
though
there's
no
tag
locking
as
part
of
the
spec.
A
It
becomes
within
the
the
scope
of
security
that
you
know,
customers
think
about
with
registries,
and
that
would
alleviate
the
concerns
that
you're
hearing
back
and
then
it
you
are
scoping
into
a
serie
that
doesn't
make
sense,
because
it's
what's
really
interesting
about
it
is
the
signature
is
still
valid
right.
The
key
is
still
valid,
rather
that
didn't
get
revoked
because
they've
been
to
of
last
week
that
wound
up
this
week
having
a
vulnerability
is
still
a
valid
reference.
It's
just
that
there's
an
updated
version
of
it.
We
want
to
make
sure
it
gets
deployed.
A
B
B
Okay
and
if
you
look
over
the
comments
that
got
resolved
and
you
feel
like
something
wasn't
actually
resolved,
please
please
PLEASE
flag
it.
We
we
never!
You
know
we
didn't
close
any
of
these
just
trying
to
get
rid
of
them.
We
really
did.
We
really
do
think.
We've
addressed
all
the
concerns,
so
if
you
think
something
could
be
improved,
then
let
us
know-
and
we
will
continue
to
post
information
about
this
and
also
and
after
a
couple
days,
I'll
probably
actually
turn
this
orange
text
black.