20 Mar
2018
20 Mar
'18
13:25
On 2018-03-20, Fabian Vogt
This is one of the reasons why I set up "opensuse/amd64" once we discovered the above Docker breakage. The main downside with not using official-library is that we cannot sign images in "opensuse/...".
We can sign images in the official-library?
We don't (and can't) sign them, Docker Inc signs them. But images outside official-library are not signed at all. I'm not really sure which is better overall (especially given that they are signing artefacts which are not actually traceable to the artefacts we produce which have detached and repomd signatures). -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH https://www.cyphar.com/