Update Threat Model with Blob Signing scenarios

Question

Update Threat Model with Blob Signing scenarios

rgnote opened this issue 7 months ago · 0 comments

One of the scenario was discussed in #283 (comment)
We need to update the threat model to call out that a signed blob artifact can be transformed as a signed OCI image and an adversary can lower the security of the hashing algorithm selected notation.