To better catch failures due to misbehaving or faulty registries, the verifying manifest service used by image and release tooling should verify outgoing manifests (as well as incoming manifests) by digest. This is acceptable now that we require schema2 container image registry support for our release tooling, and helps close another possible failure point by verifying what we send matches what the server tells us it gets.
The code from the linked PR is coming from library-go which was bumped several times by now. Moving to QA for verification.
Contact with dev on slack, we need a misbehaving registry, but it's hard to build the misbehaving registry , will verify it directly.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0581