I understood we are currently NOT signing our container images.
I don't know how widespread container image signing is. But my - perhaps naive - view is that a Docker image is not too different from any sw package. And package signing in e.g. Maven repo or RPM/DEB repository has been a norm for many years. Is Docker any different?