Back out enforced signature verification by default #218
Assignees
Labels
enhancement
New feature or request
Comments
To elaborate on this I think what we ultimately want is to try to slowly force into the ecosystem at least a minimum bar where privileged containers must be signed, and we think of the bootc OS as just another privileged container. Truly enforcing it may never happen in podman upstream but we could emit increasing warnings over time (e.g. start with just printing, maybe a year or two from now we add in my favorite mechanism, a |
cgwalters
added a commit
to cgwalters/bootc
that referenced
this issue
Dec 15, 2023
Prep for further refactoring, targeting containers#218 This will help us find the places we're synthesizing a policy. No functional changes intended. Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
added a commit
to cgwalters/bootc
that referenced
this issue
Dec 15, 2023
Closes: containers#218 Basically this effort has not been really successful and adds more pain than it solves. We need to have a solution that works for podman too. In many scenarios, TLS is sufficient - or at least, we're far from the only thing that if fetched from a compromised server would result in a compromised system (e.g. privileged containers). Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
added a commit
to cgwalters/bootc
that referenced
this issue
Dec 15, 2023
Closes: containers#218 Basically this effort has not been really successful and adds more pain than it solves. We need to have a solution that works for podman too. In many scenarios, TLS is sufficient - or at least, we're far from the only thing that if fetched from a compromised server would result in a compromised system (e.g. privileged containers). Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
added a commit
to cgwalters/bootc
that referenced
this issue
Dec 16, 2023
Closes: containers#218 Basically this effort has not been really successful and adds more pain than it solves. We need to have a solution that works for podman too. In many scenarios, TLS is sufficient - or at least, we're far from the only thing that if fetched from a compromised server would result in a compromised system (e.g. privileged containers). Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
added a commit
to cgwalters/bootc
that referenced
this issue
Dec 18, 2023
Closes: containers#218 Basically this effort has not been really successful and adds more pain than it solves. We need to have a solution that works for podman too. In many scenarios, TLS is sufficient - or at least, we're far from the only thing that if fetched from a compromised server would result in a compromised system (e.g. privileged containers). Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
added a commit
to cgwalters/bootc
that referenced
this issue
Dec 18, 2023
Closes: containers#218 Basically this effort has not been really successful and adds more pain than it solves. We need to have a solution that works for podman too. In many scenarios, TLS is sufficient - or at least, we're far from the only thing that if fetched from a compromised server would result in a compromised system (e.g. privileged containers). Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
added a commit
to cgwalters/bootc
that referenced
this issue
Dec 18, 2023
Closes: containers#218 Basically this effort has not been really successful and adds more pain than it solves. We need to have a solution that works for podman too. In many scenarios, TLS is sufficient - or at least, we're far from the only thing that if fetched from a compromised server would result in a compromised system (e.g. privileged containers). Signed-off-by: Colin Walters <walters@verbum.org>
cgwalters
added a commit
to cgwalters/bootc
that referenced
this issue
Dec 18, 2023
Closes: containers#218 Basically this effort has not been really successful and adds more pain than it solves. We need to have a solution that works for podman too. In many scenarios, TLS is sufficient - or at least, we're far from the only thing that if fetched from a compromised server would result in a compromised system (e.g. privileged containers). Signed-off-by: Colin Walters <walters@verbum.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I think the ostree/container attempt to enforce signature verification is strongly motivated (and this is all covered in containers/skopeo#1829 ) but ultimately I feel we're also kind of fighting against the current ecosystem. And our implementation is suboptimal.
In this proposal we behave the same as
podman/docker. I do still think we should have e.g.podman pull --require-signaturesor so...and once that happens we handle it too.The text was updated successfully, but these errors were encountered: