Sign sourcegraph/server docker images
View options
- Truncate descriptions
Created by: KattMingMing
Users / companies may only want/have permission to run signed docker images. Our images are currently unsigned which isn't a major issue for most users since content trust is disabled by default. Users can enable it via DOCKER_CONTENT_TRUST=1
.
Signing images could be done in a similar way to Mongo. latest
is unsigned, but tagged releases are signed.
See Docker documentation for more details on content trust: https://docs.docker.com/engine/security/trust/content_trust/