forked from TrueCloudLab/distribution
52d68216c0
This bumps go-jose to the latest available version: v4.0.3. This slightly breaks the backwards compatibility with the existing registry deployments but brings more security with it. We now require the users to specify the list of token signing algorithms in the configuration. We do strive to maintain the b/w compat by providing a list of supported algorithms, though, this isn't something we recommend due to security issues, see: * https://github.com/go-jose/go-jose/issues/64 * https://github.com/go-jose/go-jose/pull/69 As part of this change we now return to the original flow of the token signature validation: 1. X2C (tls) headers 2. JWKS 3. KeyID Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
15 lines
673 B
Markdown
15 lines
673 B
Markdown
# Contributing
|
|
|
|
If you would like to contribute code to go-jose you can do so through GitHub by
|
|
forking the repository and sending a pull request.
|
|
|
|
When submitting code, please make every effort to follow existing conventions
|
|
and style in order to keep the code as readable as possible. Please also make
|
|
sure all tests pass by running `go test`, and format your code with `go fmt`.
|
|
We also recommend using `golint` and `errcheck`.
|
|
|
|
Before your code can be accepted into the project you must also sign the
|
|
Individual Contributor License Agreement. We use [cla-assistant.io][1] and you
|
|
will be prompted to sign once a pull request is opened.
|
|
|
|
[1]: https://cla-assistant.io/
|