You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the moment we're not able to verify the provenance of the kata-agent binaries that we consume as part of the build, i.e. we have to trust that there's no unexpected bins in the oci registry under the tag that we consume.
Short term solution:
Pin to oci digest, verify provenance manually when bumping the versions.
Long term solution:
Implement provenance generation in the kata oci publish process and verify it as part of the podvm image build process
The text was updated successfully, but these errors were encountered:
At the moment we're not able to verify the provenance of the kata-agent binaries that we consume as part of the build, i.e. we have to trust that there's no unexpected bins in the oci registry under the tag that we consume.
Short term solution:
Pin to oci digest, verify provenance manually when bumping the versions.
Long term solution:
Implement provenance generation in the kata oci publish process and verify it as part of the podvm image build process
The text was updated successfully, but these errors were encountered: