Add new specifications for distributing non-OCI artifacts and signatures via OCI compliant registries #276

yizha1 · 2023-08-22T09:11:17Z

Description

This is a successor for feature request #275 to support distributing non-OCI artifacts and signatures via OCI compliant registries, also as described in the 2nd scenario. The new specifications should over:

Storage of non-OCI artifacts and signatures in OCI compliant registries
Verification workflow for non-OCI artifacts and signatures in OCI compliant registries

Benefits

A new set of specifications that support new scenarios for securing software supply chains
Ensuring compatibility and interoperability between different implementations that built per the new specifications
Portability of non-OCI artifacts and signatures distributed via OCI compliant registries.

Proposed Solution

Additional Information

N/A

yizha1 added the enhancement New feature or request label Aug 22, 2023

yizha1 assigned Two-Hearts Aug 22, 2023

yizha1 mentioned this issue Aug 22, 2023

Notation to sign and verify arbitrary data notaryproject/notation#741

Open

yizha1 unassigned Two-Hearts Aug 23, 2023

yizha1 added this to the 1.1.0 milestone Sep 11, 2023

yizha1 modified the milestones: 1.1.0, future Oct 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add new specifications for distributing non-OCI artifacts and signatures via OCI compliant registries #276

Add new specifications for distributing non-OCI artifacts and signatures via OCI compliant registries #276

yizha1 commented Aug 22, 2023 •

edited

Loading

Add new specifications for distributing non-OCI artifacts and signatures via OCI compliant registries #276

Add new specifications for distributing non-OCI artifacts and signatures via OCI compliant registries #276

Comments

yizha1 commented Aug 22, 2023 • edited Loading

Description

Benefits

Proposed Solution

Additional Information

yizha1 commented Aug 22, 2023 •

edited

Loading