forked from TrueCloudLab/distribution
Change should to must in v2 spec
We found some examples of manifests with URLs specififed that did not provide a digest or size. This breaks the security model by allowing the content to change, as it no longer provides a Merkle tree. This was not intended, so explicitly disallow by tightening wording. Signed-off-by: Justin Cormack <justin.cormack@docker.com>
This commit is contained in:
parent
ecdf4b7e43
commit
1660df4b60
1 changed files with 1 additions and 1 deletions
|
@ -220,7 +220,7 @@ image. It's the direct replacement for the schema-1 manifest.
|
||||||
- **`urls`** *array*
|
- **`urls`** *array*
|
||||||
|
|
||||||
Provides a list of URLs from which the content may be fetched. Content
|
Provides a list of URLs from which the content may be fetched. Content
|
||||||
should be verified against the `digest` and `size`. This field is
|
must be verified against the `digest` and `size`. This field is
|
||||||
optional and uncommon.
|
optional and uncommon.
|
||||||
|
|
||||||
## Example Image Manifest
|
## Example Image Manifest
|
||||||
|
|
Loading…
Reference in a new issue