#6230: sign our docker images
--------------------------+-----------------------
Reporter: mattdm | Owner: rel-eng@…
Type: enhancement | Status: new
Milestone: | Component: other
Resolution: | Keywords:
Blocked By: | Blocking:
--------------------------+-----------------------
Comment (by maxamillion):
I'm relatively certain that the signing has to be done by Docker Hub
because they are the distribution layer and it looks as though this is
already done:
{{{
$ docker pull fedora
Using default tag: latest
Trying to pull repository docker.io/library/fedora ... latest: Pulling
from library/fedora
48ecf305d2cf: Pull complete
ded7cd95e059: Pull complete
library/fedora:latest: The image you are pulling has been verified.
Important: image verification is a tech preview feature and should not be
relied on to provide security.
Digest:
sha256:49ae2d6d0b51f713a18db1c0da9fb1b5c94e92eb43cd712ba09028161ea22880
Status: Downloaded newer image for docker.io/fedora:latest
}}}
--
Ticket URL: <
https://fedorahosted.org/rel-eng/ticket/6230#comment:1>
Fedora Release Engineering <
http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project