Add reference field #828
Add reference field #828
Conversation
Signed-off-by: Dan Lorenc <dlorenc@google.com>
| { | ||
| "mediaType": "application/vnd.example.signature+json", | ||
| "size": 3514, | ||
| "digest": "sha256:19387f68117dbe07daeef0d99e018f7bbf7a660158d24949ea47bc12a3e4ba17", |
There was a problem hiding this comment.
this is the kind of place where multicodecs are useful https://github.com/multiformats/multicodec/blob/master/table.csv#L9
|
This is largely a dupe of the |
I wouldn't really call it a dupe. They're complementary approaches with a few subtle but important differences. I've outlined those differences in the linked issue.
In my proposal it's placed on ALL the existing types. That means the descriptor, the manifest, and the index types, not only the manifest. The artifacts proposal only adds it to the proposed artifact type, IIUC. |
nishakm
left a comment
nishakm
left a comment
There was a problem hiding this comment.
The reference seems to describe a 1:1 relationship with the descriptor and another mediaType. However there are situations where one needs to describe an n:1 relationship such as n SBoMs to one image or a 1:n relationship such as 1 artifact is linked to n other artifacts. Would a descriptor reference be able to handle this?
|
|
||
| - **`reference`** *descriptor* | ||
|
|
||
| This OPTIONAL property contains a descriptor is the subject of the content described by this descriptor. |
| "size": 3514, | ||
| "digest": "sha256:19387f68117dbe07daeef0d99e018f7bbf7a660158d24949ea47bc12a3e4ba17", | ||
| "reference": { | ||
| "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", |
There was a problem hiding this comment.
Is a user supposed to read this as "this is the signature of the following manifest"? How would this work with "this is a list of SBoMs for the following manifest"? or "this is a list of signatures for the following manifest"?
|
FYI: I updated the tracking issue here with some details on testing/validation. I've been unable to break any clients with this so far, but I appreciate any help in trying! |
mikebrow
left a comment
mikebrow
left a comment
There was a problem hiding this comment.
It would be nice to have a single place in the spec where this feature is discussed... saying something like to add ___ capabilities.. the reference field was added to the base descriptor type. The following types inherit from descriptor.. ___ Thus the reference field is being added to these types. This allows ___.. Example:
| "mediaType": "application/vnd.example.signature+json", | ||
| "size": 3514, | ||
| "digest": "sha256:19387f68117dbe07daeef0d99e018f7bbf7a660158d24949ea47bc12a3e4ba17", | ||
| "reference": { |
There was a problem hiding this comment.
What is the use case of adding a reference to a descriptor? I understand it in the context of of a manifest or index object, but adding this field to the descriptor is creating lots of strange potential implementations where I'm not seeing the value add in present use cases. Is this being proposed in expectation of a descriptor as a manifest being approved, or are there other use cases?
|
Closing this one since we've merged #934. |
8 participants
This accompanies a full proposal.
Fixes #827
Signed-off-by: Dan Lorenc dlorenc@google.com