Red Hat Bugzilla – Bug 1282754
[RFE] integration with Notary Service
Last modified: 2017-10-25 06:16:20 EDT
Description of problem:
Simply having "trusted" registries is not enought to ensure that Red Hat images are not tampered with before they are run.
Integration with notary in the following way should help improve security, but more importantly peace of mind (about what you pull, or to customers who pull application built by openshift/atomic enterprises platform.
1: Integration with Red Hat Network registry when images move from a public registry to a private corporate registry.
2: Integration with builds automatically.
- So ephemeral teams (QE,Operations) can validate the images or content being pulled.
- So customer's or community members can validate images or content that they would use/download
I feel 2 is especially important with a tool like openshift because if it's intergated with automation your not trusting an unknown source(notary) but a trusted/certified(notary).
image signing support is proceeding but there are no plans to integrate w/ notary.