Explore the Notary v2 project in this informative conference talk. Gain insights into the reworked infrastructure for container signing, supporting additional OCI Artifacts like Helm, Singularity, and CNAB. Learn about the project's focus on addressing design and usability issues found in Notary v1, particularly in a multi-registry environment. Discover how Notary v2 aims to make signatures first-class elements of registries, eliminating the need for sidecar databases. Understand the project's emphasis on improving signing usability to encourage broader provider and customer adoption. Get an overview of the current state of the Notary v2 community project and its roadmap. Delve into topics such as automated deployment security, supply chain attacks, registry-native functionality, and the importance of understandable and debuggable usage. This talk is ideal for anyone interested in container signing and the latest developments in the field.
Overview
Syllabus
Intro
What is Notary?
Automated deployment security
Some supply chain attacks
Why do we need Notary v2?
What is registry native?
Not just in the registry
Usability
Understandable and debuggable
Usage
Secure
Working plan
What are we working on?
Taught by
CNCF [Cloud Native Computing Foundation]
