You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Most of this has spun off with [1], and I haven't heard of anyone
talking about verifying the on-disk filesystem in a while. My
personal take is on-disk verification doesn't add much over serialized
verification unless you have a local attacker (or unreliable disk),
and you'll need some careful threat modeling if you want to do
anything productive about the local attacker case. For some more
on-disk verification discussion, see the thread starting with [2].
[1]: https://github.com/opencontainers/image-spec
[2]: https://groups.google.com/a/opencontainers.org/d/msg/dev/xo4SQ92aWJ8/NHpSQ19KCAAJ
Subject: OCI Bundle Digests Summary
Date: Wed, 14 Oct 2015 17:09:15 +0000
Message-ID: <CAD2oYtN-9yLLhG_STO3F1h58Bn5QovK+u3wOBa=t+7TQi-hP1Q@mail.gmail.com>
Signed-off-by: W. Trevor King <[email protected]>
Copy file name to clipboardExpand all lines: ROADMAP.md
-7Lines changed: 0 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,13 +10,6 @@ Listed topics may defer to the [project wiki](https://github.com/opencontainers/
10
10
11
11
## 1.0
12
12
13
-
### Digest and Hashing
14
-
15
-
A bundle is designed to be moved between hosts.
16
-
Although OCI doesn't define a transport method we should have a cryptographic digest of the on-disk bundle that can be used to verify that a bundle is not corrupted and in an expected configuration.
17
-
18
-
*Owner:* philips
19
-
20
13
### Define Container Lifecycle
21
14
22
15
Containers have a lifecycle and being able to identify and document the lifecycle of a container is very helpful for implementations of the spec.
0 commit comments