Back out enforced signature verification by default #218
Comments
To elaborate on this I think what we ultimately want is to try to slowly force into the ecosystem at least a minimum bar where privileged containers must be signed, and we think of the bootc OS as just another privileged container. Truly enforcing it may never happen in podman upstream but we could emit increasing warnings over time (e.g. start with just printing, maybe a year or two from now we add in my favorite mechanism, a |
Prep for further refactoring, targeting containers#218 This will help us find the places we're synthesizing a policy. No functional changes intended. Signed-off-by: Colin Walters <walters@verbum.org>
Closes: containers#218 Basically this effort has not been really successful and adds more pain than it solves. We need to have a solution that works for podman too. In many scenarios, TLS is sufficient - or at least, we're far from the only thing that if fetched from a compromised server would result in a compromised system (e.g. privileged containers). Signed-off-by: Colin Walters <walters@verbum.org>
I think the ostree/container attempt to enforce signature verification is strongly motivated (and this is all covered in containers/skopeo#1829 ) but ultimately I feel we're also kind of fighting against the current ecosystem. And our implementation is suboptimal.
In this proposal we behave the same as podman/docker. I do still think we should have e.g. podman pull --require-signatures or so... and once that happens we handle it too.
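To make concrete what "behave the same as podman/docker" means versus an enforcing policy, here is an added example (not code from bootc, podman or containers/image) that re-implements the scope lookup documented in containers-policy.json(5) for the docker transport and evaluates two constructed policies against image references. The first policy is the permissive default a host runs with when nothing is configured; the second keeps that default for ordinary containers but requires a sigstore signature for one OS image and rejects an internal registry outright. The image names, registry names and key path are assumptions chosen for the example; short-name normalization (e.g. busybox to docker.io/library/busybox) is deliberately not modelled.

```python
"""Resolve which containers-policy.json requirement applies to an image reference.

Added example, not project code. Scope resolution follows the rules in
containers-policy.json(5) for the "docker" transport: the most specific
matching scope wins (exact reference, then repository, then enclosing
namespaces, then registry host, then the transport-wide "" scope, then
the global "default" list).
"""
import json

# Constructed: the effective policy of an unconfigured host, i.e. what
# podman/docker do by default. Every pull is accepted, signed or not.
INSECURE_DEFAULT_POLICY = json.loads('''{
  "default": [{"type": "insecureAcceptAnything"}]
}''')

# Constructed: still permissive for ordinary containers, but the bootc OS
# image must carry a sigstore signature made with the given public key, and
# anything from an internal registry is refused. Names and key path are
# assumptions for this example.
ENFORCING_POLICY = json.loads('''{
  "default": [{"type": "insecureAcceptAnything"}],
  "transports": {
    "docker": {
      "quay.io/example/bootc-os": [
        {"type": "sigstoreSigned",
         "keyPath": "/etc/pki/containers/bootc-os.pub",
         "signedIdentity": {"type": "matchRepository"}}
      ],
      "registry.example.internal": [
        {"type": "reject"}
      ]
    }
  }
}''')


def _candidate_scopes(reference):
    """Yield policy scopes from most to least specific for a docker:// reference."""
    yield reference                                  # exact: repo:tag or repo@sha256:...
    repo = reference.split("@", 1)[0]                # drop any digest
    head, _, last = repo.rpartition("/")
    last = last.split(":", 1)[0]                     # drop the tag; a registry :port lives in head
    repo = f"{head}/{last}" if head else last
    yield repo                                       # repository
    parts = repo.split("/")
    for i in range(len(parts) - 1, 0, -1):           # namespaces, ending with the registry host
        yield "/".join(parts[:i])
    yield ""                                         # transport-wide default scope


def requirements_for(policy, reference, transport="docker"):
    """Return the requirement list that governs `reference` under `policy`."""
    scopes = policy.get("transports", {}).get(transport, {})
    for scope in _candidate_scopes(reference):
        if scope in scopes:
            return scopes[scope]
    return policy["default"]


def requires_signature(policy, reference):
    """True if at least one applicable requirement demands a signature."""
    return any(r["type"] in ("signedBy", "sigstoreSigned")
               for r in requirements_for(policy, reference))


def is_rejected(policy, reference):
    """True if the applicable requirements refuse the image outright."""
    return any(r["type"] == "reject" for r in requirements_for(policy, reference))


if __name__ == "__main__":
    for ref in ("quay.io/example/bootc-os:latest",
                "quay.io/example/other:1",
                "registry.example.internal/team/app:2"):
        print(ref,
              "default-policy-signed:", requires_signature(INSECURE_DEFAULT_POLICY, ref),
              "enforcing-signed:", requires_signature(ENFORCING_POLICY, ref),
              "enforcing-rejected:", is_rejected(ENFORCING_POLICY, ref))
```

The point the lookup makes visible is that signature enforcement in this stack is a property of the host's policy, keyed by registry or repository scope, not of the image: the same bootc image is accepted unsigned under the first policy and only with a valid sigstore signature under the second, while unrelated images keep the permissive default in both.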