Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
We found some examples of manifests with URLs specififed that did not provide a digest or size. This breaks the security model by allowing the content to change, as it no longer provides a Merkle tree. This was not intended, so explicitly disallow by tightening wording. Signed-off-by: Justin Cormack <justin.cormack@docker.com> (cherry picked from commit 1660df4) Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Loading branch information