Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Publisher information #95

Open
RealHarshThakur opened this issue Dec 6, 2022 · 2 comments
Open

Publisher information #95

RealHarshThakur opened this issue Dec 6, 2022 · 2 comments

Comments

@RealHarshThakur
Copy link

I'd like to rely on the public buildpacks regsitry but only users to use allow images by certain publishers (heroku, paketo, etc). Is there a way for the API to give out this information reliably such that I could verify if a particular buildpack was published by who I think it is? Apologies if this isn't the right repo for this issue
@jkutner
Copy link
Member

jkutner commented Dec 29, 2022

@RealHarshThakur it's possible we could expose this, but it would just be something we pass through from the underlying docker registry (which is what host the buildpack images). Are you interested in limit to namespaces or actual publishers?

@RealHarshThakur
Copy link
Author

RealHarshThakur commented Jan 2, 2023
edited
Loading

Limit to namespace is essentially relying on dockerhub handle they(publishers I trust) have, isn't it? I think that would be a good start. Long term, maybe we can rely on the the OCI artifacts being signed and verifying via public key.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jkutner @RealHarshThakur