I would disagree with "Use Docker Content Trust for Docker Hub". Docker hasn't b... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		dlor on Feb 20, 2022 \| parent \| context \| favorite \| on: How to optimize the security, size and build speed... I would disagree with "Use Docker Content Trust for Docker Hub". Docker hasn't been signing official images for the last several years, so turning this on means you'll get the last correctly signed images, which happen to be years out of date.

staticassertion on Feb 21, 2022 [–]

Interesting - why aren't they signing them?

dlor on Feb 21, 2022 | [–]

Not sure, there have been a few issues filed but no official reply.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact