Add new specifications for distributing non-OCI artifacts and signatures via OCI compliant registries
Opened this issue · 0 comments
yizha1 commented
Description
This is a successor for feature request #275 to support distributing non-OCI artifacts and signatures via OCI compliant registries, also as described in the 2nd scenario. The new specifications should over:
- Storage of non-OCI artifacts and signatures in OCI compliant registries
- Verification workflow for non-OCI artifacts and signatures in OCI compliant registries
Benefits
- A new set of specifications that support new scenarios for securing software supply chains
- Ensuring compatibility and interoperability between different implementations that built per the new specifications
- Portability of non-OCI artifacts and signatures distributed via OCI compliant registries.
Proposed Solution
Additional Information
N/A