github/distribution
1
0
Fork 0
mirror of https://github.com/distribution/distribution.git synced 2026-05-01 12:55:30 +00:00
Code Issues Projects Releases Wiki Activity

Change should to must in v2 spec

Browse Source 
We found some examples of manifests with URLs specififed that did
not provide a digest or size. This breaks the security model by allowing
the content to change, as it no longer provides a Merkle tree. This
was not intended, so explicitly disallow by tightening wording.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 1660df4b60)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Justin Cormack
2021-08-20 12:11:45 +01:00
committed by Sebastiaan van Stijn
parent 61e7e20823
commit 19b573a6f7
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/spec/manifest-v2-2.md
View File

@@ -220,7 +220,7 @@ image. It's the direct replacement for the schema-1 manifest.
- **`urls`** *array*
Provides a list of URLs from which the content may be fetched. Content
should be verified against the `digest` and `size`. This field is
must be verified against the `digest` and `size`. This field is
optional and uncommon.
## Example Image Manifest