Notary/TUF: marshalled and ready to activate

alexis richardson

Hi all

I think we are ready to start soliciting votes for Notary.  Please shout now if you disagree, especially if you have been a TOC Contributor carrying out DD.

There were questions about TUF.

My understanding from OCI is that container signatures are expected to be attached metadata that could be associated with any popular method eg gpg, tuf.  If the OCI standardise this then they will focus on making it possible to attach signatures, rather than on picking gpg vs tuf for example.

By the same token (no pun intended) the CNCF is not, I repeat not, blessing a standard.  We should make this clear beyond the possibility of confusion.  TUF is a spec.  But we are not saying it is a standard.  See the github thread for more.

I want to thank Dan and all the DD folks for help thus far.

Are we ready to start voting?


Join to automatically receive all group messages.