Skip to content

Add new specifications for distributing non-OCI artifacts and signatures via OCI compliant registries #276

New issue
New issue
Open
Open
Add new specifications for distributing non-OCI artifacts and signatures via OCI compliant registries#276
Labels
enhancementNew feature or request
Milestone
Future
@yizha1

Description

@yizha1
yizha1
opened on Aug 22, 2023

Description

This is a successor for feature request #275 to support distributing non-OCI artifacts and signatures via OCI compliant registries, also as described in the 2nd scenario. The new specifications should over:

  • Storage of non-OCI artifacts and signatures in OCI compliant registries
  • Verification workflow for non-OCI artifacts and signatures in OCI compliant registries

Benefits

  • A new set of specifications that support new scenarios for securing software supply chains
  • Ensuring compatibility and interoperability between different implementations that built per the new specifications
  • Portability of non-OCI artifacts and signatures distributed via OCI compliant registries.

Proposed Solution

Additional Information

N/A

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions