When pushing SPC openscap-daemon Docker images to Docker hub, please sign them

[iankko]

Docker starting from 1.8 introduced concept of Docker Content Trust (The Update Framework):

• https://blog.docker.com/2015/08/content-trust-docker-1-8/

which allows images to be signed when publishing to Docker hub. The consumers can later verify the producer of these images (prevent also image forgery, image replay attacks etc.)

We should start using this functionality when creating openscap/openscap-daemon-* SPC containers:

• https://hub.docker.com/r/openscap/openscap-daemon-f23/
• https://hub.docker.com/r/openscap/openscap-daemon-f22/

This is more RFE, than a real bug.

[jan-cerny]

I suggest closing this ticket as we don't publish SPCs on Docker Hub anymore, instead there is a container in Red Hat Registry.