Is it more important to sign docker images or have automated builds to hubs?
-
-
Replying to @mattfarina
Automated builds which sign them automatically ;)
1 reply 0 retweets 2 likes -
Replying to @depohmel @mattfarina
Or the: I at least at one point in time placed what was a secure signature key in an environment that may have built this image guarantee
1 reply 0 retweets 1 like
Replying to @codycraven @depohmel
Signing of open source is typically by a person. For example, look at Linux. The Linux Foundation doesn't sign it. A person does. Secure or semi-secure signing in automation isn't easy and you're not going to do it with a SaaS.
6:25 AM - 30 Aug 2018
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.