@@AaronJaeger Thank you Aaron! When it comes to signatures, an element of friction I experienced at work is that not everyone was comfortable with using a public ledger (rekor) because certain info about private repositories was leaking there, e.g. repository URL. If there's the same concern in your team/organization, you'll have to manage a private rekor instance. Nothing impossible but it does complicate a bit more life.
What do you use in your pipelines? Image names alone, tags, digests or digital signatures?
😊😅😮❤😢😢❤😅😊
😅
Great explanations! Thank you for creating the video. I use digests for now. Looking at signatures.
@@AaronJaeger Thank you Aaron!
When it comes to signatures, an element of friction I experienced at work is that not everyone was comfortable with using a public ledger (rekor) because certain info about private repositories was leaking there, e.g. repository URL.
If there's the same concern in your team/organization, you'll have to manage a private rekor instance. Nothing impossible but it does complicate a bit more life.
Nice explanation
Thank you!
I think tags images should be readonly one published to the hub, unless you specify a different tag.
Incidentally today I was reading an article making the same point. 😄
Lol, why the dramatic background music :D
Lol 🤣 I stopped using background music ahahah but I guess I want to create some tension in this video!