Image manifest JWS verification #1331
Labels
area/docker
Support for the Docker operations
area/security
Management of security functionality and other issues that impact security
component/imagec
Epic
Represents a ZenHub Epic
kind/investigation
A scoped effort to learn the answers to a set of questions which may include prototyping
priority/p1
resolution/will-not-fix
This issue is valid, but will not be fixed
Milestone
Story
As a user I want to know that the image I pull has not been tampered with
Details
Implementation of the JWS signature validation on image manfiests should be performed in the
lib/imagec
code.The digest for the image layers is already computed and verified by the portlayer.WriteImage call
There should be no provision for accepting an image that fails signature validation if a signature is present.
Acceptance
bug1727662
The text was updated successfully, but these errors were encountered: