Hide Forgot
Description of problem: Having multiple public repositories in the list can lead to typosquatting and supply chain attacks against Red Hat customers. Version-Release number of selected component (if applicable): container-tools-1:0.1.37-5.module+el8.1.0+4240+893c1ab8 From repo: rhel-8-for-x86_64-appstream-rpms How reproducible: $ cat /etc/containers/registries.conf | grep registries.search -A 1 Actual results: [registries.search] registries = ['registry.access.redhat.com', 'docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.centos.org'] Expected results: [registries.search] registries = ['registry.access.redhat.com', 'docker.io', 'registry.fedoraproject.org', 'registry.centos.org'] Additional info: https://github.com/containers/libpod/issues/4549
Also docker.io should be moved to the end of the list.
According to comment#4, move the status to VERIFIED
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1650