From YouTube: CNCF Notary Project Meeting 2020-06-08
A
A
A
There so on the agenda. Last week we had a couple things around the target scenarios for the prototype and this reverse lookup proposal that could that I wanted a chance to review.
B
We we were having a discussion about that TUF document. I I gave Marina some sizing figures for to help estimate.
A
C
Yeah, I also had a conversation with Samuel Carr offline and went through a bunch of things. I don't think he's had a chance to go back through, but I think we resolved many of the issues in the document that he raised, which I think were points of confusion, and also he helped me to understand one of the things that, one thing that I have, I think, been assuming that that the registry was doing differently.
C
A
A
These meetings have gotten a little bit of just kind of going off and then we run out of time. So it's wanted to put some structure back to them because we originally had the hour slot so that we could have these open-ended conversations. We were supposed to do these breakouts. We haven't really been, everybody's been super busy, the world's been crazy, so we haven't really been as good about doing the breakouts, so these were.
C
Yeah, I am only maybe five minutes to discuss this depending on how long the conversation goes after, but I'd like to just raise the point so that we're all talking the same language and that, hopefully, that, you know, people that maybe didn't understand it worked that way, which would have been me and I think at least Marina last week, maybe we're the only ones, but maybe there are others.
C
Now would understand that, although Marie and I both, I think, understand it now, and that others that we can hopefully convey why this is a big problem. Although I don't think it's that hard to see, but we'll see.
A
C
Yeah, I'd like to talk about that, so I am fine with however that works on the agenda.
C
I would like to have more. I don't think Marina's put her numbers into the document yet. We're still, she's run a bunch of sort of like simulations and things, and her and I are still iterating on that. We'd hope to have it in. But I would much rather give you things a week late than give them now and have them be wrong and then have to fix them. So we're, we want to be sure they're right before we present them, and right now we're not sure they're right.
C
Yeah, we'll we'll leave that, we'll leave the reporting about the what the numbers actually mean and how some of this, like, what what the overheads would be for the different design options, and things like that, later. I think next week would be a good time to put that on the agenda. Okay.
A
C
Yeah, that's actually, I had a nice conversation once again with Sam about that, and I think I got him to come around a little bit. So even in a private registry, I assume you're not going to be using like TFTP to just download images because, hey, you know, it's like a private registry and we kind of like block the network and we don't need any security or signing or verification, we'll just like dump the data on the network.
C
You wouldn't do that, you'd use HTTPS, because it's effectively free and sort of, you know, who cares if you've got a, you know, small overhead or whatever else. So the thing is, is that what we think we're going to end up here with here is going to be something that's going to have small enough overhead that this will just be the way people use it, and if not, then we'll know, and there will be able, you know, people will be able to make a decision to say in this environment.
C
A
So one of the things I wanted to talk about was this conversation that, and I was hoping Sam was going to be here. Let me just see, he's not.
C
A
C
No, I was just going to say, and so like comments he put in the doc and things, a lot of those are misunderstandings that I think have been resolved, but that he and I talked about individually, but we, you know, whatever you'd like to talk about is fine. Go ahead.
A
Okay, so one of the things, let me share my screen, so it's the link that's in there. Let me, I'll put it in the session as well, in the chat session. I'm trying not to use the chat session as notes, because they're not, nobody's figure out how to find them afterwards, so we're keeping the notes in the Slack conversation, in the HackMD rather, so let me share my screen here.
A
We'll see how screen sharing is working for folks, but the link to it is in the doc, sorry, in the Zoom chat. So what I've got here, where's the one. Oh here, here's the window, that's weird! One of the things we've been talking about is: how do we find the content, and part of it is, you know, driven by some of the stuff that Cappos is, I'm sorry Justin, I'm gonna call you Cappos as opposed to Cormack, just to separate, I hope that's okay. That's.
C
A
Yeah, go ahead, is the ability to find the most recent content. I know there's a larger scenario that you guys are focused on, but the reference to Sam was, Sam had written one of the design docs, design proposals, not design doc, to be fair, and we've been evolving the conversation since then, so I wanted to kind of take that same thing, but invert it a little bit to try to address some of the more recent conversations.
A
I've also noticed that we don't seem to be sticking very well with the Google Docs stuff, so I did copy it into here, and this is the PR that's mentioned in the notes. What is it, add signature verification lookup, so the the overview is basically, you know, we're trying to find a set of signatures and the verification objects that could go with it.
A
So we're just kind of outlining that, for the, I kind of did identify some of the goals and non-goals and a workflow which comes from scenario six in the signature requirements, or the scenarios under the requirements repo, and basically one of them, and this is something we were discussing early on, is the artifact in its digest shall not change as the result of something being pushed.
A
This is one of the things that I know we debate a little bit, but I think the conversations we've been having around the registry operators that have been seeing this in AWS and Azure and in other places as well, is we see that customers actually follow and deploy based on a digest directly.
A
A
The point is, is that as the developer puts that in, early on some of the proposals we were thinking about is we would update the index and then that digest and or tag would change, and that would mean the deploy YAML would have to change as well. So this goes with the assumption that you cannot change that as part of breaking the developer's workflow.
A
A
That can also be associated with that, and then we want to be able to leverage the garbage collection, because, if you think of the things that we can change easily on registries and things that we can't, the garbage collection is one of the biggest monsters that we all implement, because just because you can automate things, customers do, and we wind up with massive amounts of content and registries, and then the shared layered stuff. We invest a lot to make sure that we can clean these things up and reduce the size over time.
A
Also minimize the requirements to change the persistent object stores, because that's another thing each of us implement on our unique infrastructure. You know, AWS has their storage, we have ours, Google, so on and so forth, on prem. So that's another expensive part of the stack that we would have to change. Some non-goals, just to put things out there, is, you know, work within the existing OCI distribution spec API. Not that we're breaking it, but the idea is that we would add an API is possible like that.
A
B
Mean, sorry, good, yeah, I mean, I think, yeah, I mean, I think APIs is expensive in in some, in some sense, and it does depend on people's data models and things how easy it is. If, because this is quite, I mean this is a, this is not a trivial API change.
A
A
API is, but my point was, is that just the concept of adding an API to go find something, implementing the API might be expensive depending on what the API is. But if we just said a plus one of an API on something to the distribution spec to find these things, because in this case, what I'm suggesting is you look up things that reference an index, and we'll see that in a second.
B
A
And then compatibility with Notary v1. We've said all along that v2 is not a compatibility bar. We want to leverage the work, the thoughts, the efforts, but it's not that anybody that, the the few people that have implemented Notary v1 in registries, to be fair, not Notary altogether, but Notary v1 in registries, Docker Content Trust, it's not expected that that work would, you know, be just transparently move forward.
A
So then the the workflow, like I said, is from the scenario six, is a dev team builds a container image. I just put a tag on there for reference. They signed that image and which is the verification thing.
A
Some artifact scanning solution comes by and says, hey, I've looked at it today and as of today, you know, here's what I assess is the vulnerabilities, and it could push that assessment to that same tag. Again, it's referencing the same tag, but we'll see in a second the tag and the digest for that actually don't change.
A
It's another reference to it. The test environment goes through, the test environment says, yep, I've, the image was built securely, that's great. It was scan secure, that's great, but it actually does work in this environment, so I will stick another verification object on it and says this thing is now good to be deployed. Actually I guess this is a unit test. I think I did a second one here which might be overkill. Let me remember, it's been a couple weeks, yeah, so basically in the staging environment. That's right!
A
The staging environment is now verifying that the right signatures are on this thing before going to production, so another verification object is pushed to it. Now, as the thing moves into production, the production environment will only deploy things that have the right signatures on it, is the design here, so it has to have the build. Now I didn't get into the detail here. It could also have the Ubuntu signature.
A
It might must be signed by Ubuntu as well, but I was more focused on the the company's specific signatures because they could say that that signature itself says they will only sign things that come from vendors that they approve, but those are additive, there's nothing exclusive of it. The whole idea is, you have multiple verification objects on it. Now I'll ask for a bit of patience here for one, we can talk about this, but because I'll, this is the part there's.
A
This is the one that discusses what I kind of refer to as the downward reference. We, as we tend to dig in quickly, I was, and I'm debating whether I should even include this because we start evaluating this. What I was trying to do is provide this section as staging to why I was doing the reverse lookup model, so before I do that, any questions on the workflow or the goals and non-goals? Just a point of pause.
D
A
Okay, so good to have a requirement to integrate.
B
D
C
I I think, I I don't want to derail, so I'll just kind of say this like quickly, but I think also you should list under non-goals something about like protection from attack.
C
If the registry is compromised, because, you know, and you can be more specific about it and say that, you know, an attacker will be able to freely replay things or move tags or do other stuff like this in the design, but there's a big kind of, I I think someone reading this might get the impression that they're, that they're getting certain security properties out, especially if you're doing things like if you're transporting TUF metadata, the expectation is sort of, well, hey.
C
A
Okay, I mean it's, that's a good one, like I hadn't explicitly thought about excluding that. This was more of a base that we could add, and that's a good conversation for us to have either if we have time today or in the agenda item for next week.
B
B
They, that they're, yeah, if they're security compromises for not including signatures in the content, which then, you know, and I think that's, you know, a significant issue. I mean it's it's it's clear that signatures via pointers versus international content are not equivalent in security sense.
A
A
All right, so let me let me go forward because I definitely want to give time for a debate, but I wanted to at least get some context out. So in the, what I refer to as the downward reference, and is that you push a thing and like a manifest or index. So in this case it is an index, and I just showed the multi-platform start, parts of it as well, and there's actually two of them, right.
A
There's one, it's amd64, one ppc, so just the copy paste thing, and then the map, then this thing is pointing to a manifest and the manifest is what points to the layers, right. This is the standard OCI index and manifest model. So this is kind of a a downward reference, right, an index references a manifest.
A
A
So we've been largely focusing on this downward reference, that I can push a new index and, you know, that could have my new signatures. The problem is, if you reference this index, the index, even if the tag doesn't change, the digest changes. So that's been the concern. That is even though I don't believe in doing digest based deployments, as an opinion.
A
That's the point, that's an opinion, and some people do and we need to be able to support that. So based on Sam's example, you would pull it as, you know, this web a2b2 and you would have, you know, this manifest, and then you can add a signature with, into an index, and this is the, the point here is that the index of course has changed from what it was originally, or changing from a manifest to an index, you know, depending on when the signature was sent. It certainly doesn't stop.
A
Even if you did the initial push, if I wanted to add an additional signature for my dev staging test environment scenarios, there's no way to do that without these changing in the quote downward reference. So the reverse lookup model, and we can talk about if that's the right name or whatever, but the concept is a what if. So here's the original thing that's pushed in. It's an OCI manifest, it's web a2v2 and the digest is whatever, not whatever.
A
But it's a specific digest, is the point, and then I can push additional signatures and verification objects. So I could say this thing is signed by test.contoso.com and this thing has a digest, and I could, oh, I can sign another one that, oh see, scan.contoso.com. I forgot what I have here myself, so I've got two signatures that are verification objects that were pushed later.
A
That can reference this and that could further be examined. Skip ahead, just remote and I'll come back, is the thing that it references could also store additional information, such an SBOM or TUF metadata, as well as scan results as well.
A
It's not just the scan, but some scan results. So you can see that there's this model here. So this is the part that I just wanted to get through and then obviously open for discussion. So in this case, what we're doing is the index is versioned to include the config object, the same thing we've got on manifest, so now I can see an OCI index is of type CNCF Notary or whatever we decide to call it.
A
We add an API that lets us find index objects, artifacts, that match this type associated with this. So this object didn't change because it didn't reference this, but this does reference this one, all of them. So now what happens is the manifest is the same as above, nothing's changed here, standard manifest, it's an image config and it's got layers. The staging verification object, now this is an index.
A
Excuse me, with a new config object. This is a stuff we've been talking about. We haven't committed to this yet, but the media type of that is now a CNCF Notary verification object. So this is how this index is known to be of its type and it directly references this image. So it's, this got pushed referencing this. Sorry, am I going too fast for a screen refresh? I forget I'm not presenting directly, but I have the, this internet in the middle.
A
Surprisingly, like there's no trust, it's like surprisingly, so, basically, that's that's kind of the main thing. I have a detail that again might be too much detail and it might distract from it, that the idea is that the actual signature could be put in the config object. So let's just scan, skip that for now, because I don't want to, I don't want to derail too much, but then.
A
Okay, so that's been, I saw some people talking about that and I've been meaning to talk more to Joey and Sam and others, and I'm not sure how Docker Hub handles it as well. What we've seen is customers actually, because they referenced by digest, don't want things automatically garbage collected if there's no tag. In ACR, we support both. You can do, in fact, you can do automatic garbage collection if the tag has been deleted, but we actually have a delineation that we won't, if you choose. We don't delete anything by default.
A
Obviously, a customer can choose whether they want to delete digest that have no tag references or they save them, because they're not actually deploying by tags. So the garbage collection, the way we've always thought about garbage collection as the core that is not really a questionable thing is, if I have two images that reference the same base layers, that we don't delete the base layers until all manifests are deleted.
A
We don't, the the connection between a tag and a digest is not assumed to automatically be garbage collected.
A
So I could certainly understand that for something like Hub, but that's not something our customers would accept in private registries, because they do deployments on digests only because they feel that's the only secure way to do it.
A
Now, if we're successful, and maybe if we were able to get tag locking as a spec conformed thing that customers would accept it as a standard, then maybe we could get them to agree to unique tagging as a model, but even though I would like to get there, right, we can't, we couldn't do that today on ACR and and keep our customers happy.
D
D
B
But then that that's a, because that's a really weird model, because I mean the nice thing about it, apart from that, is it's just, you know, effectively, you could point at the the signature object if you wanted, but you don't have to in this model. You've got a choice. You can point at either thing because you can retrieve the signature anyway.
B
D
A
Justin, is your concern that you can push these CNCF Notary objects, I'll just call them for simplicity, because that's what the red text says, without a tag and it would automatically get garbage collected in Docker Hub?
B
A
A
In this case, I just don't say, think it's useful because there really isn't, the tag isn't anything useful on it. You could say like, obviously there is some API changes here, and I appreciate that you guys are go into a tag. What we call orphaned, what do we call them, orphaned images or something, I forget? If it's not tagged, we we call them orphans and I'm not sure if that's should be not called, I'm not, because orphans aren't bad anyway.
A
The, I recently watched in the Orphan Black series, which is got my head all twisted. Too much detail. So the, what you could do is in this API, you could say that these things that don't have tags, have digests, if they reference this, you know, something with a tag, that's still valid, that you don't garbage collect them, so you could, I mean, obviously there is work to do in the registry to support this concept, so it would be an additive thing that you would have to put in your exclusion.
A
Is don't delete orphaned artifacts without, that don't have tags, if they are referencing something that is valid, so it does fit into the garbage collection model. But it is a change, especially if you guys are starting to go down that path.
A
Yeah, so the pros and cons, so basically multiple signatures can be added, so that was, you know, one of the things. There is no content change to the thing you originally pushed, so all your deployment artifacts, you know, your compose files, your Helm charts, your, you know, deploys, they change, don't change whatsoever. It doesn't matter whether you reference them by tag or digest. They stay perfectly the same. In fact, the scanners that are trying to do index information on it will also, you know, be able to to cache that information.
A
So that's the the point there. The con is, it is a new API, which we said wasn't really a con, but it is, you know, I still wanted to call it out. The reverse lookup does, oh, I actually did reference it. It does have an impact on garbage collection, because there is some new logic that does have to get added to it.
A
We do tend to traverse down, but in this case there is an awareness that has to be done of all the things that are, you know, linked after the fact. You know, like this is actually going into what I think you were calling out, Justin Cormack.
B
Yeah, I, there's this really weird inconsistency between what you're saying, that people want to refer to something by hash because they don't trust it might change, and yet they effectively are also saying that they do want some things about it to change, like these signatures, but not other things about it, and so there's a weird characterization of what things about it exactly do they want to change or not change, and is this behavior actually, is this kind of requirement actually reasonable?
A
A
B
B
If we go through this model, and I'm I'm not 100% sure that actually everyone will be happy with all of these things changing. What if, like, a signature was removed, and so it was no longer signed by my, by the author, because the author had invalidated the signature, say by deleting it because the key had been compromised or something, say, like, would that still be okay, if the signature has been removed, for it to still be un, an unchanged object that looks, still kind of looks okay? I mean, I mean, I think there's there's just a bunch of questions that immediately comes to mind about what what changes are.
B
A
No, it's fair, and let's tease those apart because there's a couple of them that, I could think of three parts of it. So one, the thing that they like about the digest or an immutable tag, either one, is the actual content they're going to deploy is locked. It will not change, right, we're not adding new content to the Docker image, we're not adding, we're just not changing anything about the layers or the image itself. Everything about that is sealed.
A
What they're getting is additional metadata, and I'm air quoting because metadata is a loaded term. They get additional information about that image that is added after, so that's the, it didn't change, it's additive, is the the thing that ties the two together, because I can get these new signatures, so I think that part still meets what the requirements of the people that want either digest deployment or an immutable tag deployment.
A
The interesting one that you're mentioning around the delete is one. So if there was a verification object that was there, then somehow it gets deleted, is that, you know, what do you deal with that, and that's kind of what I just think about is the registry security models, is that we support, you know, just because you can push doesn't mean you can delete, is something that the private registries tend to support.
B
Yeah, but that's what, as Justin Gabriel's pointed out, actually I don't have to disambiguate Justin, Justin pointed out that that is something that the TUF security model is protecting you against and therefore is considered security relevant, so.
D
Yeah, the idea that the the images identified by the america's digest is a complete unit, and it even nothing changes about it if the digest doesn't change, it's good to have that property, but we are, anytime we go outside of the realm of one image, we are losing that anyway. Like if you have a Kubernetes deployment for that image and you change the security configuration of the refinition or you change the volume mounts, you can break a fully tested image with exactly the same manifest digest the same way.
D
There is always some higher level metadata that changes the behavior of the image, and keeping the manifest digest exactly the same can't help you with that. So in that sense I don't think this would be introducing anything new, and if we are in the model of a signature as an approval or something that can be added or removed, then that's necessarily a method that is pointing at a digest, at an image digest, but conceptually should not be part of it.
D
A
So one other thing: you mentioned something interesting, Justin, that the TUF metadata, you know, tracks that things got, you know, deleted or not, of what the original state was. So the thing that I was trying to get is a minimum viable product. You know, mvpa, I don't know if that's a term we use anymore, but anyway, the the.
A
So if you ask for something you can get the TUF metadata for that thing, and whether this, and there's nothing that says that this TUF metadata couldn't reference this directly, that, well, I guess, depends on the, for TUF metadata to reference another thing, it has to be an index, so maybe tough to wind up being an index instead of a manifest.
B
D
B
Yeah well, those can just be well known to acts. That's not so much of an issue.
D
B
I've got a drop, but I need to think about this a bit more, yeah.
A
Yeah sorry, I forgot that we were back, well, I didn't think we were half an hour. I didn't realize we went that fast. So that's what Slack's for, yeah, that's notes. There is some notes in the Google doc originally that Joey has no chance to copy over yet. But let me know and we'll pick up next week. Thanks, folks.