Skip to content

Commit

Permalink
Change should to must in v2 spec
Browse files Browse the repository at this point in the history 
We found some examples of manifests with URLs specififed that did
not provide a digest or size. This breaks the security model by allowing
the content to change, as it no longer provides a Merkle tree. This
was not intended, so explicitly disallow by tightening wording.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
(cherry picked from commit 1660df4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
  • Loading branch information
@justincormack @thaJeztah
justincormack authored and thaJeztah committed Sep 8, 2021
1 parent 61e7e20 commit 19b573a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/spec/manifest-v2-2.md
View file
Expand Up @@ -220,7 +220,7 @@ image. It's the direct replacement for the schema-1 manifest.
- **`urls`** *array*

Provides a list of URLs from which the content may be fetched. Content
should be verified against the `digest` and `size`. This field is
must be verified against the `digest` and `size`. This field is
optional and uncommon.

## Example Image Manifest
Expand Down

0 comments on commit 19b573a

Please sign in to comment.