Quay.io container image removal Notice.

[TomSweeneyRedHat]

NOTICE

On August 23rd it was discovered that the credentials for several robot service accounts with write-access to the
container-images could have leaked. Upon discovery, the credentials were invalidated. The earliest possible
leak opportunity was around March 10th, 2022.

While the investigation is ongoing, initial inspection of the images seems to indicate it is unlikely any credentials
had actually been discovered and/or used to manipulate images. Nevertheless, out of an abundance of caution,
all possibly-affected images will be disabled.

• quay.io/containers/podman : tags v3 - v4
• quay.io/containers/buildah : tags v1.23.1 - v1.31.0
• quay.io/containers/skopeo : tags v1.5.2 - v1.13.1
• quay.io/podman/stable : tags v1.6 - v4.6.0
• quay.io/podman/hello:latest SHA256 afda668e706a (<= Aug 2, 2023)
• quay.io/buildah/stable : tags v1.23.3 - 1.31.0
• quay.io/skopeo/stable : tags v1.3.0 - 1.13.1

We realize this issue has the potential to impact not only direct but also indirect use, such as base-images.
The safety and integrity of these images have and must take priority. At this time, all images have been disabled.
We will restore originals and/or rebuild fresh copies based on further safety analysis.

We expect analysis to be complete and/or known-safe images restored, before Sept. 8th. However please keep
in mind the research is ongoing, and the situation remains somewhat fluid. When the examination work is complete,
or if any manipulation is discovered, we will issue further updates.

Please see containers/podman#19796 for further updates and discussion.

Thank you in advance for your patience and understanding.