Thomas Hoeck
07/23/2020, 12:16 PMSven Teresniak
07/23/2020, 12:21 PMThomas Hoeck
07/23/2020, 12:24 PMjosh
07/23/2020, 12:34 PMThomas Hoeck
07/23/2020, 12:43 PMjosh
07/23/2020, 12:48 PMThomas Hoeck
07/23/2020, 1:06 PMJeremiah
07/23/2020, 1:49 PMThomas Hoeck
07/23/2020, 2:05 PMjosh
07/23/2020, 2:07 PMImage consumers can enable DCT to ensure that images they use were signed. If a consumer enables DCT, they can only pull, run, or build with trusted images. Enabling DCT is a bit like applying a “filter” to your registry. Consumers “see” only signed image tags and the less desirable, unsigned image tags are “invisible” to them.
Thomas Hoeck
07/23/2020, 4:01 PMFor example, with DCT enabled aonly succeeds ifdocker pull someimage:latest
is signed. However, an operation with an explicit content hash always succeeds as long as the hash existssomeimage:latest
Sven Teresniak
07/31/2020, 11:54 AMThomas Hoeck
07/31/2020, 12:12 PMSven Teresniak
07/31/2020, 12:14 PM~/.prefect
) is also part of the nfs share.Thomas Hoeck
07/31/2020, 1:04 PMSven Teresniak
07/31/2020, 1:26 PMThomas Hoeck
07/31/2020, 3:02 PMSven Teresniak
07/31/2020, 3:09 PMThomas Hoeck
07/31/2020, 3:12 PM