►
From YouTube: CNCF Notary Project 2020-09-14
Description
CNCF Notary Project 2020-09-14
A
B
B
B
B
B
B
In
fact,
I'm
probably
going
to
push
some
updates
to
the
readmes
and
the
root
of
those
forks
to
say
look.
These
are
not
forks
that
will
be
ever
shipped
by
themselves.
The
idea
is
that
these
are
forks,
that
we're
going
to
prototype
and
then
experiences,
and
if
we
like
them,
we
being
this.
You
know
community
both
here
and
the
oci
group,
then,
as
we
get
all
the
pieces
coordinated,
and
we
like
that.
This
works
well
with
this
other
one,
then
we'll
make
prs
upstream
to
those
projects,
and
those
would
come
back
down.
B
B
B
Share
that
the
requirements
of
course
is
where
we've
started
and
that's
capturing
what
we're
actually
trying
to
do
for
goals,
non-goals
scenarios
and
so
forth,
and
then
what
you'll
see
is
there's
a
bunch
of
other
projects.
Some
are
forked,
some
aren't
so
the
other
one
that's
natively
here
is
nv2
and
you'll
notice
that
the
default
project
is
prototype
one,
and
this
talks
about
the
end
and
experience
that
we're
trying
to
build
around
those
requirements.
B
B
B
B
B
B
So
it's
kind
of
a
an
extreme.
You
know
clarity
of
implementation,
which
is
a
good
conversation
questions
whether
we
want
to
go
that
far
and
then
okay,
so
that's
the
persistence
model,
and
then
we
talk
about
how
we
would
link
those.
So
the
most
of
this
conversation
has
been
more
distribution.
Spec
focused
like
the
notary
folks
that
are
pure
focused
on
their
signature.
Stuff,
like
I
just
want
to
get
these
signatures
in
and
out.
B
So
this
has
been
the
majority
of
conversations
we've
been
having
in
the
oci
distribution,
spec
working
group
with
some
overlap
here
of
people
and
then
there's
a
discovery
api
that
we've
been
saying.
Look
if
I've
there's
this
reverse
lookup
model,
because
what
you're
basically
saying
is.
I
want
the
image,
the
image
any
artifact,
but
I
want
to
know
what
signatures
were
associated
with
this
because
remember
we
have
loosely
coupled
art
loosely
coupled
artifacts.
B
A
B
B
I
later
I'm
going
to
push
a
signature
and
the
signatures.
You
know,
there's
co,
there's
two
of
them
in
this
case,
one
for
wabit
networks,
which
is
the
company
that
distributes
net,
monitor
and
acme
rockets,
which
is
consuming
it,
but
they
want
to
have
a
signature
that
says
this
is
good
in
my
environment,
the
way
distribution
works
today
is
you
push
a
thing
and
you
find
out
the
thing
that
it
references
which,
of
course
it
needs
to
know
at
the
time
it's
pushed,
so
normally
that
will
be
layers.
B
B
B
I,
the
interesting
one
is
metadata
which
I've
got
another
proposal,
I'm
working
on,
which
probably
wouldn't
be
stored
as
blobs,
so
not
directly,
although
I'm
I'm
thinking
about
it,
because
this
as
well
as
the
fact
that
you
know
like
the
the
use
of
indexes,
is
not
used
heavily
in
registries.
In
fact,
number
of
registries
didn't
even
support
indexes
until
recently,
what
we're
seeing
is
multi-arc
manifest
is
becoming
more
used.
B
We're
seeing
that
and
I'll
come
back
to
how
this
ties
back.
Basically,
sorry,
when
you
start
seeing
more
uses
of
index,
then
you
actually
want
to
be
careful
about
deleting
any
manifests
that
are
consumed
by
an
index.
So
we
think
the
broader
use
of
index
even
from
multi-arc,
will
surface.
This
need
to
have
apis
that
help
you
figure
out
what
is
referenced
by
something
so
just
the
generic
use
of
index
for
multi-arc
the
use
of
index
for
whether
to
be
signatures
or
cnab,
which
is
a
collection
of
things
or
other
artifact
types.
A
B
Yeah,
sorry,
I
might
have
confused
it,
so
we
have
been
struggling
on
global
time
zones
and
some
of
my
own
team
is
scattered
around
chiwei
works
and
lives
out
of
china
out
of
shanghai,
avarol
is
temporarily
in
india.
That's
gonna
be
coming
back
to
canada,
so
within
our
own
team,
we've
been
struggling
with
that,
rather
than
we,
which,
when
we
had
a
couple
of
meetings,
there's
a
couple
of
topics
that
I
really
wanted
to
make
sure.
Obviously
and
chiwe
were
there.
B
B
Yeah,
no,
absolutely
those
are
the
tuesday
sorry,
the
wednesday
at
two
meetings,
yeah
yeah
and
what
we've
been
trying
to
do
is
make
sure
that
anything
that
we
are
proposing
like
we
were
at
some
points
just
having
things
amongst
our
own
repo
so
and
realized.
Look
let's
just
be
much
more
transparent
about
the
work.
There
wasn't
any
secrecy
or
anything.
It
was
just
a
matter
of
where
this
change
is
made.
So
we've
been
trying
to
get
all
the
proposals
pushed
to
these
projects.
B
In
fact,
that's
why
that
was
one
of
the
reasons
why
we
went
and
added
like
here.
If
I
just
look
at
distribution,
second
you're
gonna
see
everything's
got
a
prototype,
one,
that's
a
default
in
the
notary
project,
specifically,
so
that
we
can
make
sure
that
everything
we're
doing
is
kind
of
staged
in
a
way
that
people
can
see
and
comment
on.
B
D
B
Yeah
great
question:
it's
it's!
The
balance
of
engineering
actually
making
stuff
possible
and
pm's
trying
to
describe
it
and
understand
it
ourselves.
So
what
happened
was
if
you
remember
a
couple
of
weeks
ago
we've
been
make
trying
to
make
progress.
You
specifically
using
tough
implementation,
the
you
know
the
update
framework
implementation
and
we
were
struggling
on
a
number
of
different
dimensions
which
repos
get
used
to
go
into
it,
the
time
stamp
and
roll
back
in
some
of
the
others.
So
shewe
who's
knows
the
space
really
well
and
did
our
docker
content.
B
Trust
implementation
for
acr
had
some
ideas,
but
what
happened
was
we
couldn't
figure
out
how
to
make
them
all
work
in
the
goal
of
what
we're
trying
to
do
now
with
the
ephemeral
clients
and
some
of
the
gaps
rather
than
just
you
know,
shelve
it?
What
we
wanted
to
do
was
shove
it
without
visibility.
We
wanted
to
take
what
he
had
thought
and
capture
that.
B
So
all
that
is
is
like
a
shelf
of
some
thought
process
and
how
we
could
persist
it
into
the
signature
work,
but
there's
a
whole
bunch
of
loose
ends
like
how
do
we
have
a
a
second
place
of
verification
to
make
sure
that
the
timestamp
stuff
is
val,
valid
and
others.
So
it's
and
actually
not
intentionally
doesn't
it's.
We
didn't
have
the
time
to
capture
all
the
information
about
it,
but
we
didn't
want
to
lose
the
work
in
progress.
So
that's
that's
why
it's
just
parked
there
for
now.
B
I'm
trying
to
think
of
what
what
context
could
I
even
provide
that
we
were
talking
beyond
what
I
just
said?
That's
basically
it
I
mean
basically
that's
like
if
we
were
to
serialize
the
metadata
for
the
update
framework
into
an
artifact
that
we
could
push
into
a
registry.
That's
what
g
was
thinking
about
all
of
the
things
that
go
around
it.
How
do
you
maintain
the
time
stamps?
How
do
you
make
sure
that
an
ephemeral
client
can
get
information
from
two
sources
to
know
that
this
wasn't
just
hacked?
B
Sorry,
it's
literally
a
matter
of
how
we
continue
to
make
some
progress
versus,
because
what
we
said
is
we
wanted
to
make
that
in
a
phase
two,
because
we
just
felt
like
we
were
not
making
any
progress
by
having
all
of
that
conversation,
but
we
just
wanted
to
capture
at
least
where
we're
at
that's
the
best
answer.
I
have.
B
I
I'm
hoping
that
we
can
get
through
this
iteration
of
prototype
one
if
you
will
pretty
relatively
quickly
that
we
can
kind
of.
Yes,
we
like
this
engine
experience.
Yes,
we
like
the
apis,
we're
talking
about
distribution,
which
would,
in
theory,
apply
to
the
tough
metadata
as
well,
and
then
we
could
come
back
and
figure
like
how
do
we
assure
a
rollback
of
a
hacked
registry
when
you,
when
the
client
isn't
a
trustable?
Well,
not
trustable?
B
The
the
update
framework
kind
of
is
based
on
the
fact
that
the
client
knows
what
it
was
at
some
point
and
if
it
talks
to
the
registry,
it
says:
hey
what
do
you
have
now
and
it
goes
and
it
can
figure
out,
wait
you've
gone
back
in
time.
I
don't
trust
you
now,
when
the
client
has
no
information,
no
reference
data,
because
it's
a
newly
instanced
object.
Every
time
we
need
some
other
place
to
get
that
information
from.
So
that's
that's.
B
Yeah
there's
been
a
couple
of,
and
those
are
great
questions.
That's
exactly
there's
a
couple
of
questions
that
come
about
that
and
it's
been
viewed
as
scalability,
and
so
the
the
update
framework
folks
went
off
and
did
a
whole
bunch
of
scalability
things
and
came
up
with
a
pattern
that
says
they
can
distill
this
down
pretty
small.
B
So
it's
not
a
lot
of
content
and
there's
some
great
work
there,
but
we
we
really
haven't
been
able
to
get
a
good
articulation
of
the
security
problems
of
two
customers
and
or
even
two
teams
in
the
same
customer
sharing
a
registry.
So
you
have
things
like
docker
hub
and
now
you
know
github,
where
you
have
multiple
completely
independent
entities
that
are
sharing
the
same
registry.
You
know
docker
hub
and
github,
and
I
for
others.
B
B
Compute
instance
that
you
can
then
decide
how
you
want
to
provision,
there's
no
history
to
it.
So
now,
if
I
want
to
get
history
that
says
hey
last
time,
I
talked
to
dockerhub
debian,
which
was
a
week
ago
or
yesterday.
Here's
the
the
timestamp
data
that
I
had,
but
that's
not
on
that
compute
node,
because
it
wasn't
yours
two
seconds
ago.
B
A
B
So
they
were
actively
involved.
In
fact,
I'm
doing
a
quick
look
here.
I
I
don't
see
marina
or
justin
here
today
we
have
or
trisha.
I
don't
want
to
leave
anybody
out.
We
have
been
discussing
with
them
for
a
while.
That's
how
these
conversations
started
and
we
got
caught
up
in
all.
So
I
can't
say:
there's
any
one
good
meeting
where
you
can
look
for
half
an
hour
and
hear
this
discussion.
Everybody
comes
together,
go
yes!
This
is
a
problem.
We
should
figure
out
how
to
solve
it.
B
So
that's,
unfortunately,
that
what
I
just
gave
you
this
summer
is
probably
the
best
summary
of
it
and
we
need
to
reconvene
and
and
do
that,
have
that
conversation
but,
like
I
said
we
kind
of
we
felt
we
needed
to
separate
it
out
into
phase
one
and
phase
two
where
we
can
get
the
the
end
to
end
kind
of
figured
out,
and
then
we
can
figure
out
how
to
roll.
This
update
rollback
semantics
into
the.
B
B
B
A
Right
so
the
the
situation
I've
got
in
mind
right
now
is:
let's
say
that
I'm
not
with
them
anymore,
but
let's
say
I'm
with
ubuntu
and
I've.
I've
got
a
container
store,
an
image
store
that
I'm
I'm
publishing
for
people
to
use
and
you've
got
another
company
that
wants
to
have
their
lab
and
be
mainly
off
the
net,
but
they
want
to
use
our
images
so
they're
going
to
download
them
they're
going
to
somehow
they're
going
to
need
to
delegate
to
the
signatures.
A
So
if
we're
using
the
update
framework
and
we're
using
very
short
signature
time
frames,
we're
now
basically
saying
that
this
proxy
environment
is
going
to
have
to
every
hour
fetch
new
signatures
from
the
public
service,
and
that
seems
like
a
potential
problem.
So
I'm
wondering
if
that's
been
considered.
B
Yeah,
actually,
that's
a
great
that's
a
great
summary
of
it,
because
that
you're
starting
to
get
into
there's
no
single
registry
that
everybody
authoritatively
goes
to.
There's
not
only
private
registries
that
people
pull
content
to,
but
there's
also
air
gap
registries
that
people
pull
content
into,
which
was
right
much
in
what
you
were
saying.
There's
a
combination
of
there's,
a
known
problem:
how
do
you
propagate
that
out?
So
the
thought
has
been
key.
Revocation
versus
a
particular
registry
got
hacked.
Those
are
two
different
things
that
I
don't
think.
C
A
C
B
Sorry,
I
don't
know
if
I
heard
it
wrong.
I
key
revocation
is
part
of
it.
Nya's
has
been
trying
to
drive
that
he
has
meetings
on
friday
mornings,
but
has
been
tied
up
in
other
things,
so
he
hasn't
been
able
to.
I
think
he
says
he's
going
to
start
again
this
week,
so
it's
it's
definitely
part
of
what
we
want
to
do
with
notary
it's.
What
we've
done
is
we've
just
split
that
out
that
the
key
management
and
the
risks
associated
with
that
is
part
of
this
working
group.
B
That
is
an
active
work.
It's
part
of
what
I
would
call
phase
one
it's
just
we've
got
some
of
this
stuff
is
just
so
detailed
that
has
we
there's
some
keyer
key
experts
in
the
industry
that
we
really
need
to
be
thinking
about
this
and
niaz
has
been
driving
that
working
group,
so
I
think
he
said
he
was
gonna
restart
it
back
this
friday.
He
had
a
couple
weeks
where
he
had
to
go
off
between
vacation
and
some
other
problems.
C
B
B
This
is
where
the
I
mean
you
look
around
the
submarine
scenario
where
it
like
goes
under.
You
know,
but
we
we
have
other
sea
going.
Vessels,
I
think,
is
one
of
the
ways
I
was
categorizing,
whether
it
be
container
ships
or
cruise
lines.
Eventually
they'll
be
cruise
lines
again
that
you
know
it's
too
expensive
to
take
updates,
while
they're
at
sea,
so
they
do
it
while
they're
in
port,
and
that
might
be
a
week
so
yeah.
Those
are
definitely
policies
where
some
other
team
might
be.
A
A
We
absolutely
have
to
have
this
fix
in
so
we
bring
the
fix
in
how
do
we
it
since
our
regular
cadence
is
weekly.
We've
now
put
a
week-long
valid
signature
on
these
things,
but
we
have
to
in
fact
invalidate
them
now,
because
on
tuesday
we
got
this
other
thing
and
I'm
not
quite
sure
how
that
fits
in.
Unless
we
have
a
separate
service
running
inside
the
airgap
environment
that
every
day
maybe
just
says
well,
these
things
should
still
be
valid
so
I'll.
A
B
I
I
think,
that's
a
input
into
an
answer
and
oh
I
didn't
realize
I
was
sharing
sorry,
I
I
was
multitasking
for
something
I
wanted
to
queue
up
so
one.
I
would
absolutely
promote
you
to
please
meet
with
niaz
on
friday
mornings,
because
it
sounds
like
you're
bringing
up
all
of
the
right
conversations
that
we
want
to
focus
in
the
key
management
scenarios.
B
B
The
latest
docker
terms
of
service
has
kind
of
been
a
way
to
drive
some
of
this
conversation
forward.
I
actually
think
it's
for
the
it's
the
wrong,
it's
being
perceived
a
little
bit
harshly
than
it
should
the
the
reality
is
upstream
content
even
well
intended
security
fixes
can
break
downstream
apps
right,
my
environment
may
not
be
dependent,
maybe
dependent
on
some
behavior.
B
That
was
just
deemed
to
be
insecure
and
the
question
is:
can
you
just
blindly
bring
up
stream
content
in
or
do
you
need
to
verify
it?
Whether
the
upstream
contention
even
available
is
another
problem
which
kind
of
talked
about
in
this
article?
But
I
think
what
I'm
trying
to
get
more
thought
process
around.
B
So
I
think
there
is
part
of
this
workflow.
That's
a
piece
to
that,
so
that
that's
kind
of
the
larger
thinking
and
what
I,
what
the
real
problem
is.
We
just
don't
have
good
tooling
around
this
I
mean
even
with
an
acr
where
we've
got
this
acr
task
infrastructure.
We
do
base
image,
update,
monitoring
all
the
raw
components
are
there,
but
it's
like
going
to
home
depot
and
finding
an
aisle
of
wooden
nails
and
so
go
build
a
you
know,
a
million
dollar
house
which
isn't
that
big.
B
Oh
azure
container
registry,
sorry,
the
service
that
I
run
for
in
azure-
and
this
is
how
this
is
where
we
think
about
this
stuff,
but
we're
we're
trying
to
have
these
conversations
in
a
broader
place,
because
acr
is
a
consumption
of
it
for
our
customers.
We
make
our
microsoft
software
available
on
mcr
and
just
like,
I
would
say,
nobody
should
ever
be
dependent
on
production
content,
directly
pulled
from
docker
up
or
mcr.
B
You
should
always
have
in
their
registries.
We
need
better,
tooling,
better
workflow
and,
of
course,
the
signatures
have
to
be
able
to
go
into
those
environments,
which
is
how
it's
very
grounded
in
this
conversation
here.
So
I
think
the
key
management
conversations
we're
having
here
need
to
play
into
this,
because
if
I
bring
content
across
not
only
do
I
want
to
test
it
if
it's
good
content
to
make
sure
it
works.
B
B
B
B
B
B
B
There's
nothing
else
we
can
give
time
back
to
folks
just
want
to
make
sure
and
now
let
me
see
what
we've
got
stirring
this
week
to
see
make
sure
we
have
something
I'll
try
to
make
sure.
We
have
some
good
update
next
week
that,
even
if
it's
just
the
distribution
stuff
we've
been
working
on
to
give
a
good
summary
to
it,
because
I
don't
know
we
I
think
we
cancelled
last
week
because
the
holidays,
I
want
to
make
sure
we
keep
good
momentum.
People
feeling
that
we're
making
progress.