Re: Notary/TuF & GPG (& Harbor)

Evan Cordell

Just wanted to weigh in from CoreOS. We are using Notary for signing packages as well for the Quay container registry running at 

Signing packages is tricky and TUF seems to get things right. I would also add that there's nothing preventing GPG integration in the future if that's desirable (for key management and signing operations, not instead of TUF metadata). I believe rust-tuf has that as a goal.

Join to automatically receive all group messages.