Additional qualifiers for oci type #278
I don't know if Is
Should've clarified. Encrypted is useful. Since after decryption, we can't be 100% sure if it is the exact same image or if any content got changed post-decryption. So I would treat them as separate packages indeed.
However, checking the docs, it feels like cosign needs either certificate-identity and oidc-issuer or public key as values. notation requires only a key name. I don't know if these should also be included in the purl. Maybe not.
Re: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#oci
There have been a number of recent developments with oci.
- `format:string` - The OCI format could be docker, OCI, or dual
- `encrypted:boolean`, `key:string`, and `recipient:string` - OCI image could be encrypted using ocicrypt
- `signed:boolean`, `signType:string` - Signed using cosign or notation
- `distribution:string` - The distribution could be over ipfs
- `snapshotter:string` - The image might support lazy pulling using a snapshotter such as stargz|nydus|overlaybd|soci
- `acceleration:boolean` - Whether the image can be accelerated using bypass4netns
My proposed qualifiers are shown highlighted. Any thoughts?