
A

Hey folks, we'll get started in a couple of minutes here. Just give people a chance to connect.

B

That's a really nice background.

B

It's not even the same background as he had in the last meeting. I was in with him.

A

I was joking, like everybody's doing their virtual backgrounds, but what if we didn't have virtual backgrounds like? Well, I I don't want this is my virtual. This is my non-virtual virtual background.

A

It's a little less boring more interesting than my uh bedroom background. All right, let's see here, put the notes.

A

There. So, on the agenda: last week we had a couple of things around the target scenarios for the prototype, and this reverse lookup proposal that I wanted a chance to review.

A

If there are any other agenda items, well...

B

We were having a discussion about that TUF document. I gave Marina some sizing figures to help estimate.

A

Okay.

B

That kind of model from that proposal, I don't know.

C

Yeah, I also had a conversation with Samuel Carr offline and went through a bunch of things. I don't think he's had a chance to go back through, but I think we resolved many of the issues in the document that he raised, which I think were points of confusion, and also he helped me to understand one thing that I have, I think, been assuming that the registry was doing differently.

C

That was actually extremely helpful, which I'd like to talk about in this meeting, because it's a big security issue if we retain the same behavior, I...

A

...think. Okay, so what is your topic that we want to add to the agenda? Can you just add it in there and we can?

A

These meetings have gotten a little bit of just kind of going off and then we run out of time, so I wanted to put some structure back into them, because we originally had the hour slot so that we could have these open-ended conversations. We were supposed to do these breakouts. We haven't really been; everybody's been super busy, the world's been crazy, so we haven't really been as good about doing the breakouts, so these were...

C

Yeah, I only need maybe five minutes to discuss this, depending on how long the conversation goes after, but I'd like to just raise the point so that we're all talking the same language, and that, hopefully, the people that maybe didn't understand it worked that way (which would have been me, and I think at least Marina last week; maybe we're the only ones, but maybe there are others)...

C

...now would understand that. Although Marie and I both, I think, understand it now, and hopefully we can convey to others why this is a big problem. Although I don't think it's that hard to see, but we'll see.

A

Okay, so did you want to go? Do you want to propose something that we talk about for a time-boxed amount, or what do you want to do? What are you proposing here?

C

Yeah, I'd like to talk about that, so I am fine with however that works on the agenda.

C

I would like to have more. I don't think Marina's put her numbers into the document yet; she's run a bunch of sort of simulations and things, and she and I are still iterating on that. We'd hoped to have it in, but I would much rather give you things a week late than give them now and have them be wrong and then have to fix them. So we want to be sure they're right before we present them, and right now we're not sure they're right.

A

Oh, do you...

B

...want to just do this next...

A

...week? Do you want to, you know, get time to do that and do it next week?

C

Yeah, we'll leave the reporting about what the numbers actually mean, and what the overheads would be for the different design options, and things like that, for later. I think next week would be a good time to put that on the agenda. Okay.

A

I think also one of the conversations was: not only is the performance a concern, which, if you guys are doing some stuff to investigate, that's great, I think it's also a question of, not that it's not an important problem...

A

Is it an important problem related to private registries or public registries? Like, where is the problem really scoped? I think that would actually help with some context as well.

C

Yeah, that's actually... I had a nice conversation once again with Sam about that, and I think I got him to come around a little bit. So even in a private registry, I assume you're not going to be using, like, TFTP to just download images because, hey, you know, it's a private registry and we kind of block the network and we don't need any security or signing or verification, we'll just dump the data on the network.

C

You wouldn't do that; you'd use HTTPS, because it's effectively free, and who cares if you've got a small overhead or whatever else. So the thing is, what we think we're going to end up with here is going to be something that's going to have small enough overhead that this will just be the way people use it, and if not, then we'll know, and people will be able to make a decision to say, in this environment...

C

...you might want to not use TFTP, and in this environment you might want to use TFTP, to use that analogy. But I think a priori trying to say "oh, this thing, we shouldn't, you know, it's messy, we shouldn't have to use it here", I think we should wait and see.

A

It's not... okay, let's put it on the agenda and let's have the right conversation about it, because I feel like we're just kind of pulling on threads without really knowing what we're talking about.

A

So one of the things I wanted to talk about was this conversation that... and I was hoping Sam was going to be here. Let me just see. He's not...

C

...going...

A

...to be...

C

...here. Okay, he won't make this one, I think. He'll make it next week. So one of the...

A

...things that... sorry.

C

No, I was just going to say, the comments he put in the doc and things, a lot of those are misunderstandings that I think have been resolved, that he and I talked about individually. But whatever you'd like to talk about is fine. Go ahead.

A

Okay, so one of the things... let me share my screen. It's the link that's in there. I'll put it in the chat session as well. I'm trying not to use the chat session as notes, because nobody's figured out how to find them afterwards, so we're keeping the notes in the Slack conversation, in the HackMD rather. So let me share my screen here.

A

We'll see how screen sharing is working for folks, but the link to it is in the doc, sorry, in the Zoom chat. So what I've got here... where's the one? Oh, here's the window, that's weird. One of the things we've been talking about is: how do we find the content? And part of it is, you know, driven by some of the stuff that Cappos... I'm sorry Justin, I'm going to call you Cappos, as opposed to Cormac, just to separate. I hope that's okay. That's...

C

...fine.

A

Yeah, go ahead. ...is the ability to find the most recent content. I know there's a larger scenario that you guys are focused on, but the reference to Sam was that Sam had written one of the design proposals (not a design doc, to be fair), and we've been evolving the conversation since then, so I wanted to kind of take that same thing but invert it a little bit to try to address some of the more recent conversations.

A

I've also noticed that we don't seem to be sticking very well with the Google Docs stuff, so I did copy it into here, and this is the PR that's mentioned in the notes. What is it, "add signature verification lookup". So the overview is basically, you know, we're trying to find a set of signatures and the verification objects that could go with it.

A

So we're just kind of outlining that. I did identify some of the goals and non-goals and a workflow, which comes from scenario six in the signature requirements, or the scenarios under the requirements repo. And basically one of them, and this is something we were discussing early on, is the artifact and its digest shall not change as the result of something being pushed.

A

This is one of the things that I know we debate a little bit, but I think the conversations we've been having around the registry operators that have been seeing this in AWS and Azure and in other places as well is that we see that customers actually follow and deploy based on a digest directly.

A

In some cases, we'd actually like them to be doing what we call unique tag, but because unique tags are not a physically enforced thing as a spec (like tag locking is a feature a number of the registries support, but it's not really in the spec), some customers get nervous and actually want to deploy by digest.

A

Others, as the developers are putting in their deployment artifacts, their kube deploy files or compose files, whatever, the Helm charts, are referencing a specific image and tag; it could also reference a digest.

A

The point is that as the developer puts that in early on, some of the proposals we were thinking about is we would update the index, and then that digest and/or tag would change, and that would mean the deploy YAML would have to change as well. So this goes with the assumption that you cannot change that, as it would break the developer's workflow.

A

A collection of verification objects may also be associated with a single artifact, so I could have multiple signatures on an image. I could have a TUF verification graph or whatever we want to... we'll call that TUF metadata. That's the term you guys have been using.

A

That can also be associated with that, and then we want to be able to leverage the garbage collection, because if you think of the things that we can change easily on registries and things that we can't, the garbage collection is one of the biggest monsters that we all implement. Because just because you can automate things, customers do, and we wind up with massive amounts of content in registries, and then the shared layer stuff. We invest a lot to make sure that we can clean these things up and reduce the size over time.

A

Also minimize the requirements to change the persistent object stores, because that's another thing each of us implements on our unique infrastructure. You know, AWS has their storage, we have ours, Google, so on and so forth, on-prem. So that's another expensive part of the stack that we would have to change. Some non-goals, just to put things out there: you know, work within the existing OCI distribution spec API; not that we're breaking it, but the idea is that we would add an API if possible.

A

I think adding an API is relatively cheap. It's the garbage collection and storage that become expensive. So that's all this is outlining. I...

B

I mean, sorry, good, yeah. I mean, I think APIs are expensive in some sense, and it does depend on people's data models and things, how easy it is. Because this is not a trivial API change.

A

I...

B

...think what the...

A

...API is. But my point was that just the concept of adding an API to go find something, implementing the API might be expensive depending on what the API is. But if we just said a plus-one of an API on something to the distribution spec to find these things, because in this case what I'm suggesting is you look up things that reference an index, and we'll see that in a second.

A

And you could argue the point.

B

Yeah, I think we just need to have some discussion with implementers about how difficult they think this would be.

A

And then compatibility with Notary v1. We've said all along that v2 is not a compatibility bar. We want to leverage the work, the thoughts, the efforts, but it's not expected that the few people that have implemented Notary v1 in registries (to be fair, not Notary altogether, but Notary v1 in registries, Docker Content Trust) would see that work just transparently move forward.

A

So then the workflow, like I said, is from scenario six: a dev team builds a container image. I just put a tag on there for reference. They sign that image, which is the verification thing.

A

Some artifact scanning solution comes by and says: hey, I've looked at it today, and as of today, here's what I assess as the vulnerabilities, and it could push that assessment to that same tag. Again, it's referencing the same tag, but we'll see in a second that the tag and the digest for that actually don't change.

A

It's another reference to it. The test environment goes through the test. The environment says: yep, the image was built securely, that's great; it was scanned secure, that's great; but it actually does work in this environment, so I will stick another verification object on it that says this thing is now good to be deployed. Actually, I guess this is a unit test. I think I did a second one here which might be overkill. Let me remember, it's been a couple of weeks. Yeah, so basically in the staging environment, that's right.

A

The staging environment is now verifying that the right signatures are on this thing before going to production, so another verification object is pushed to it. Now, as the thing moves into production, the production environment will only deploy things that have the right signatures on it; that is the design here, so it has to have the build. Now, I didn't get into the detail here; it could also have the Ubuntu signature.

A

It might, it must be signed by Ubuntu as well, but I was more focused on the company's specific signatures, because that signature itself could say they will only sign things that come from vendors that they approve. But those are additive; there's nothing exclusive about it. The whole idea is you have multiple verification objects on it. Now I'll ask for a bit of patience here for one we can talk about this, because this is the part where there's...

A

This is the one that discusses what I kind of refer to as the downward reference. We tend to dig in quickly, and I'm debating whether I should even include this, because we start evaluating this. What I was trying to do is provide this section as staging for why I was doing the reverse lookup model. So before I do that, any questions on the workflow or the goals and non-goals? Just a point of pause.

C

uh

D

Support for the requirement that an institution should not require changing references to images, as far...

B

...as implementation...

D

...around it and how it integrates with stuff, that's to be resolved, but it's good to have the requirement recorded.

A

I'm sorry I missed part of that.

D

As for the specific implementation or how this would integrate with stuff, that's to be decided, but it's good to have the requirement recorded, I think.

A

Okay, so good to have a requirement to integrate.

D

I've added that to the PR anyway, so you have...

B

...already.

D

Okay.

C

I don't want to derail, so I'll just kind of say this quickly, but I think also you should list under non-goals something about protection from attack...

C

...if the registry is compromised. And you can be more specific about it and say that, you know, an attacker will be able to freely replay things or move tags or do other stuff like this in the design. But I think someone reading this might get the impression that they're getting certain security properties out, especially if you're doing things like transporting TUF metadata; the expectation is sort of, well, hey...

C

...if I'm using TUF, then TUF is built for compromise resilience of my infrastructure, therefore I bet I'm getting compromise resilience of my infrastructure.

A

Okay, I mean, that's a good one. I hadn't explicitly thought about excluding that; this was more of a base that we could add to, and that's a good conversation for us to have, either if we have time today or in the agenda item for next week.

B

Because.

D

Yeah they.

B

Yeah, if there are security compromises for not including signatures in the content, then, you know, I think that's a significant issue. I mean, it's clear that signatures via pointers versus international content are not equivalent in a security sense.

A

Fair. So I think I understand what you're saying, so let's get down to some of the scheme on it that might help on some of this, because I don't know if it solves it or not, honestly.

B

No, I mean, it can't if the content does not...

B

...refer to this, you know, if it does not include the content of the signature. Then I wouldn't...

A

So let me...

B

...jump ahead, because...

A

Unless you've read it... I don't think you've had a chance to read through this, have you, Justin? Sorry, Cormac?

A

Can I reference the person by first name?

C

It's like using "you": as long as the context is clear, it's fine. Okay.

A

All right, so let me go forward, because I definitely want to give time for a debate, but I wanted to at least get some context out. So in what I refer to as the downward reference, you push a thing, like a manifest or index. So in this case it is an index, and I just showed the multi-platform parts of it as well, and there's actually two of them, right.

A

There's one that's amd64, one ppc, so just the copy-paste thing. And then this thing is pointing to a manifest, and the manifest is what points to the layers, right. This is the standard OCI index and manifest model. So this is kind of a downward reference, right: an index references a manifest.

A

Both of them can have signature content, by the way, but there's this downward reference. That's the way we think about it with registries.

A

So we've been largely focusing on this downward reference: that I can push a new index, and that could have my new signatures. The problem is, if you reference this index, even if the tag doesn't change, the digest changes. So that's been the concern. That is, even though I don't believe in doing digest-based deployments, as an opinion...

A

That's the point, that's an opinion, and some people do, and we need to be able to support that. So based on Sam's example, you would pull it as, you know, this web a2b2, and you would have this manifest, and then you can add a signature with an index. And this is the point here: the index of course has changed from what it was originally, or changed from a manifest to an index, depending on when the signature was sent. It certainly doesn't stop.

A

Even if you did the initial push, if I wanted to add an additional signature for my dev, staging, test environment scenarios, there's no way to do that without these changing in the quote "downward reference". So the reverse lookup model, and we can talk about whether that's the right name or whatever, but the concept is: what if... so here's the original thing that's pushed. It's an OCI manifest, it's web a2v2, and the digest is whatever... not whatever.

A

But it's a specific digest, is the point. And then I can push additional signatures and verification objects. So I could say this thing is signed by test.contoso.com and this thing has a digest, and I can sign another one, oh, see, scan.contoso.com. I forgot what I have here myself. So I've got two signatures that are verification objects that were pushed later.

A

That can reference this, and that could further be examined. Skip ahead, just remote, and I'll come back: the thing that it references could also store additional information, such as an SBOM or TUF metadata, as well as scan results.

A

It's not just the scan, but some scan results. So you can see that there's this model here. So this is the part that I just wanted to get through, and then obviously open for discussion. So in this case, what we're doing is the index is versioned to include the config object, the same thing we've got on manifest, so now I can see an OCI index is of type CNCF Notary or whatever we decide to call it.

A

We add an API that lets us find index objects, artifacts, that match this type associated with this. So this object didn't change, because it didn't reference this, but this does reference this one, all of them. So now what happens is the manifest is the same as above; nothing's changed here, standard manifest, it's an image config and it's got layers. The staging verification object, now, this is an index.

A

Excuse me, with a new config object. This is stuff we've been talking about; we haven't committed to this yet, but the media type of that is now a CNCF Notary verification object. So this is how this index is known to be of its type, and it directly references this image. So this got pushed referencing this. Sorry, am I going too fast for a screen refresh? I forget I'm not presenting directly, but I have the internet in the middle.

A

A couple of people across some ponds over there.

B

Actually working quite well.

A

Surprisingly. Like, there's no trust, it's surprising. So basically, that's kind of the main thing. I have a detail that again might be too much detail and it might distract from it: the idea is that the actual signature could be put in the config object. So let's just skip that for now, because I don't want to derail too much, but then...

B

Again, to stop the signature being garbage collected because it's not got a tag pointing at it.

A

Ah, okay, so that's been... I saw some people talking about that, and I've been meaning to talk more to Joey and Sam and others, and I'm not sure how Docker Hub handles it as well. What we've seen is customers, actually because they reference by digest, don't want things automatically garbage collected if there's no tag. In ACR we support both. In fact, you can do automatic garbage collection if the tag has been deleted, but we actually have a delineation that we won't, if you choose; we don't delete anything by default.

A

Obviously, a customer can choose whether they want to delete digests that have no tag references or save them, because they're not actually deploying by tags. So the way we've always thought about garbage collection, as the core that is not really a questionable thing, is: if I have two images that reference the same base layers, we don't delete the base layers until all manifests are deleted.

A

The connection between a tag and a digest is not assumed to automatically be garbage collected.

B

Okay, Docker Hub is moving to the model where, if it's not tagged, it's GC'ed.

A

So I could certainly understand that for something like Hub, but that's not something our customers would accept in private registries, because they do deployments on digests only, because they feel that's the only secure way to do it.

A

Now, if we're successful, and maybe if we were able to get tag locking as a spec-conformant thing that customers would accept as a standard, then maybe we could get them to agree to unique tagging as a model. But even though I would like to get there, we couldn't do that today on ACR and keep our customers happy.

D

And this part is not an inherent, unavoidable part of the design. If we are talking about a registry that can do reverse lookups, that already requires the registry to have an index, to have a new lookup API.

D

So we could also add a new upload API that makes the association explicit.

D

"This is a signature for an image with that digest," and that also automatically allows the registry to model the dependencies for garbage collection purposes directly, and it would not have to...

B

Well, index...

D

...and you would have to specifically recognize every specialized config type to say, oh, this is a signature, so I need to mark the reverse dependency.

B

But then that's a really weird model, because the nice thing about it, apart from that, is effectively you could point at the signature object if you wanted, but you don't have to in this model. You've got a choice. You can point at either thing, because you can retrieve the signature anyway.

D

But it's just a normal object.

B

Having a list of types of objects that are not garbage collected normally, because they are often pointed to in the other direction, is a really weird kind of config. Like, how would you... well...

D

It's definitely new. Like, would you add... how...

B

...would you add the set of types for which they don't get garbage collected? That seems... yeah.

D

It doesn't... I'm curious what you're saying about caution.

D

Signature tiger is not recognized by the registry. The registry is just going to accept it as a valid OCI index, but it's not going to tell you, "by the way, I'm going to garbage collect this and your signature will...

D

...disappear."

A

Justin, is your concern that you can push these CNCF Notary objects (I'll just call them that for simplicity, because that's what the red text says) without a tag, and it would automatically get garbage collected in Docker Hub?

B

Yeah.

A

Okay, so there are two parts. One, there's nothing that says you couldn't push it with a tag as well. Yeah.

B

No, completely, you could push things with a tag.

A

In this case, I just don't think it's useful, because there really isn't... the tag isn't anything useful on it. Obviously there are some API changes here, and I appreciate that you guys are going into a tag... what do we call them, orphaned images or something? I forget. If it's not tagged, we call them orphans, and I'm not sure if that should be the name, because orphans aren't bad anyway.

A

I recently watched the Orphan Black series, which has got my head all twisted; too much detail. So what you could do is, in this API, you could say that these things that don't have tags but have digests, if they reference this, you know, something with a tag that's still valid, then you don't garbage collect them. Obviously there is work to do in the registry to support this concept, so it would be an additive thing that you would have to put in your exclusion...

A

...which is: don't delete orphaned artifacts that don't have tags if they are referencing something that is valid. So it does fit into the garbage collection model, but it is a change, especially if you guys are starting to go down that path.

A

Trying to think if there's something else in here.

B

What was in the pros and cons section?

A

Yeah, so the pros and cons. So basically, multiple signatures can be added, so that was one of the things. There is no content change to the thing you originally pushed, so all your deployment artifacts, your compose files, your Helm charts, your deploys, don't change whatsoever. It doesn't matter whether you reference them by tag or digest; they stay perfectly the same. In fact, the scanners that are trying to do index information on it will also be able to cache that information.

A

So that's the point there. The con is, it is a new API, which we said wasn't really a con, but it is; I still wanted to call it out. The reverse lookup does... oh, I actually did reference it. It does have an impact on garbage collection, because there is some new logic that does have to get added to it.

A

We do tend to traverse down, but in this case there is an awareness that has to be done of all the things that are linked after the fact. This is actually going into what I think you were calling out, Justin Cormac.

B

Yeah, there's this really weird inconsistency between what you're saying, that people want to refer to something by hash because they don't trust that it might change, and yet they are effectively also saying that they do want some things about it to change, like these signatures, but not other things about it. And so there's a weird characterization of what things about it exactly they want to change or not change, and is this kind of requirement actually reasonable?

B

So what they're...

A

...saying...

B

...is they don't...

A

...want the thing they're actually deploying to change. They want to know that the image that's going to run doesn't.

B

Do they want... you know, what else about it? Are they okay if the SBOM changes? Are they okay if, like... there's a lot of things that we might end up pointing at like this.

B

If we go through this model, I'm not 100% sure that everyone will actually be happy with all of these things changing. What if, say, a signature was removed, and so it was no longer signed by the author, because the author had invalidated the signature, say by deleting it because the key had been compromised or something? Would that still be okay, if the signature has been removed, for it to still be an unchanged object that still kind of looks okay? I mean, I think there's just a bunch of questions that immediately come to mind about what changes are...

B

...okay and what are not, and by making this decision you're effectively making a decision about that for people about content, whereas previously the definition of content hash was everything about the thing, and obviously nothing can change.

D

Everything.

B

Everything can change, and we're kind of asking for an intermediate stage, and I think it requires some thought about whether that can be concrete. You know, is there a good definition, that all users can understand, of something in between those two things?

A

No, it's fair, and let's tease those apart, because there are a couple of them; I could think of three parts to it. So one: the thing that they like about the digest or an immutable tag, either one, is the actual content they're going to deploy is locked. It will not change, right; we're not adding new content to the Docker image, we're just not changing anything about the layers or the image itself. Everything about that is sealed.

A

What they're getting is additional metadata, and I'm air-quoting because metadata is a loaded term. They get additional information about that image that is added after. So "it didn't change, it's additive" is the thing that ties the two together, because I can get these new signatures. So I think that part still meets the requirements of the people that want either digest deployment or an immutable tag deployment.

A

The interesting one that you're mentioning, around the delete, is one. So if there was a verification object that was there, then somehow it gets deleted. How do you deal with that? And that's kind of what I just think about as the registry security models: that we support, you know, just because you can push doesn't mean you can delete. That is something the private registries tend to support.

B

Yeah, but that's what, as Justin Gabriel's pointed out... actually I don't have to disambiguate Justin. Justin pointed out that that is something that the TUF security model is protecting you against, and therefore is considered security relevant, so...

A

It's interesting to think... sorry, somebody else.

D

Yeah, the idea that the image identified by the manifest digest is a complete unit, and that nothing changes about it if the digest doesn't change: it's good to have that property, but anytime we go outside of the realm of one image, we are losing that anyway. Like, if you have a Kubernetes deployment for that image and you change the security configuration of the definition, or you change the volume mounts, you can break a fully tested image with exactly the same manifest digest the same way.

D

There is always some higher-level metadata that changes the behavior of the image, and keeping the manifest digest exactly the same can't help you with that. So in that sense, I don't think this would be introducing anything new. And if we are in the model of a signature as an approval, or something that can be added or removed, then that's necessarily metadata that is pointing at an image digest but conceptually should not be part of it.

D

I agree that it's uncomfortable and conceptually messy, but I don't think we can just avoid it or pretend that it never happens.

A

So one other thing: you mentioned something interesting, Justin, that the TUF metadata tracks whether things got deleted or not, from what the original state was. So the thing that I was trying to get is a minimum viable product. MVP, I don't know if that's a term we use anymore, but anyway, the...

D

...minimum base...

A

...to build upon is that if we can just get things that are signed, including additive collections, then one of the additive collections could be the TUF metadata.

A

So if you ask for something, you can get the TUF metadata for that thing. And there's nothing that says that this TUF metadata couldn't reference this directly. Well, I guess it depends: for TUF metadata to reference another thing, it has to be an index, so maybe TUF would wind up being an index instead of a manifest.

B

I mean, the TUF data will need to be pointed at by the tag, effectively, because you have to be able to discover it. Well, I mean, technically it will here, as you can see.

A

Because, as long as an object references this, I can add TUF metadata and not change the digest of the thing that was originally pushed.

D

Well, for TUF you'll need separate storage APIs for the root keys and timestamp keys and so on.

B

Yeah, well, those can just be well-known to access. That's not so much of an issue.

D

Yeah, but it isn't going to be associated with a single image like this anyway. I think TUF can deliver the lookup by digest just by looking up the digest in the targets metadata.

D

So it's not inconsistent, but it doesn't require this mechanism in particular.

B

I've got to drop, but I need to think about this a bit more. Yeah.

A

Yeah, sorry, I forgot that we were back... well, I didn't think we were at half an hour. I didn't realize we went that fast. So that's what Slack's for, yeah, that's notes. There are some notes in the Google Doc originally that Joey has had no chance to copy over yet. But let me know, and we'll pick up next week. Thanks, folks.

A

Thanks, Melissa. I got it back to chat.

A

You.
From YouTube: CNCF Notary Project Meeting 2020-06-08