-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Spike: Evaluate how to split validating data from validating signatures #1129
Comments
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
I'm not working on this at the moment. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
Objective
Steps
- [ ] Core Problem to be Solved: What should an image have for it to be a candidate for a promotion?
- [ ] Build provenance attached (signed or unsigned TBD)
- [ ] Images will have to go through a CVE scanner and certain classes are unacceptable for promotions (examining what "certain classes might be" -- will require SIG Security's involvement)
- [ ] SBOMs: Do we recommend an SBOM during the promotion process, or not?
Context and things to think about while working on this task
The text was updated successfully, but these errors were encountered: