Update Threat Model with Blob Signing scenarios
rgnote opened this issue · 0 comments
rgnote commented
One of the scenario was discussed in #283 (comment)
We need to update the threat model to call out that a signed blob artifact can be transformed as a signed OCI image and an adversary can lower the security of the hashing algorithm selected notation.