Skip to content

Commit

Permalink
Change should to must in v2 spec
Browse files Browse the repository at this point in the history 
We found some examples of manifests with URLs specififed that did
not provide a digest or size. This breaks the security model by allowing
the content to change, as it no longer provides a Merkle tree. This
was not intended, so explicitly disallow by tightening wording.

Signed-off-by: Justin Cormack <[email protected]>
  • Loading branch information
@justincormack
justincormack committed Aug 20, 2021
1 parent ecdf4b7 commit 1660df4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/spec/manifest-v2-2.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -220,7 +220,7 @@ image. It's the direct replacement for the schema-1 manifest.
- **`urls`** *array*

Provides a list of URLs from which the content may be fetched. Content
should be verified against the `digest` and `size`. This field is
must be verified against the `digest` and `size`. This field is
optional and uncommon.

## Example Image Manifest
Expand Down

0 comments on commit 1660df4

Please sign in to comment.