Change annotation namespace
SteveLasker opened this issue · 2 comments
We've been using the logical namespace of org.cncf.oras.* but the image spec calls out a suggestion to use internet reverse namespace:
Keys MUST be unique within this map, and best practice is to namespace the keys.
Keys SHOULD be named using a reverse domain notation - e.g. com.example.myKey.
We could use land.oras to reflect https://oras.land/
Or, we could ask CNCF to create a oras.cncf.io domain.
The thing I like about the cncf.io sub-domain is it would align with a DiD based identity provider.
I wonder if it's necessary to define/require a org.cncf.oras.artifact.created annotation given org.opencontainers.image.created is defined. The ArtifactManifest spec uses the image-spec annotation rules to define valid annotation values. They carry essentially the same meaning, but the duplication suggests none of org.opencontainers.image.* annotations should be applied to an Artifact.
The artifact's creation time MUST be the value of the org.cncf.oras.artifact.created annotation, as specified in the artifact-manifest spec.
Hi @corburn,
Appreciate the input. This is part of the decoupling of the runtime container-specific image spec, from the more generic OCI Artifacts work. See here for some background: Proposal: Decoupling Registries from Specific Artifact Specs #91
Ultimately, I'd like to see OCI Artifacts and ORAS Artifacts merged into the distribution spec and the runtime container image becomes a specific type of artifact. Just as Helm, CNAB, Singularity, various signatures are other types of artifacts are today.
This goes to that generalized pattern, enabling the referrers API to filter by artifactType and sort by created.
This annotation is the beginning of a set of generalized annotations.