Deprecation of Docker Content Trust on registry.suse.com

[dirkmueller]

Following Dockers retirement notice on Docker Hub and the corresponding archival of the underlying Notary v1 service, the SUSE team will no longer provide going forward Notary v1 style signatures on registry.suse.com. We have never really formally announced their availability, and our telemetry show that more than 99.999% of the container fetches are not contacting our Notary instance at any point in time.

Users impacted should switch to cosign for image integrity verification which remains available and is the recommended solution going forward. Notary is not used by default, one has to opt into using it by setting the environment variable DOCKER_CONTENT_TRUST=1. Therefore going forward, please make sure to not set this environment variable when fetching assets from registry.suse.com.

The Notary v1 service will remain accessible for the coming weeks but disappear as part of the platform migration of registry.suse.com to a new platform provider (this change will otherwise be entirely transparent for our userbase).