You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For a client to verify a fetch, it must read a potentially unbounded amount of data in order to verify it matches the sha256 digest. If the trusted metadata is the 2-tuple (size, sha256) then a client can error out if the remote gives it more than size bytes. For OCI/Docker containers, the metadata today includes both. In ostree, it doesn't, and I regret it.
The text was updated successfully, but these errors were encountered:
Thanks, that's useful to know. From a D-Bus API point of view we return an a{sv} so it's easy enough to add. From a requesting-using-a-uri point of view it's harder, although maybe we can redirect with ? parameters. I'll ponder, thanks.
For a client to verify a fetch, it must read a potentially unbounded amount of data in order to verify it matches the sha256 digest. If the trusted metadata is the 2-tuple
(size, sha256)
then a client can error out if the remote gives it more thansize
bytes. For OCI/Docker containers, the metadata today includes both. In ostree, it doesn't, and I regret it.The text was updated successfully, but these errors were encountered: