Skip to content

Refer to the policy file as a trust policy file. #192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mtrmac merged 1 commit into from
Sep 7, 2016
Merged

Refer to the policy file as a trust policy file. #192

mtrmac merged 1 commit into from
Sep 7, 2016

Conversation

@rhatdan
Copy link
Member

@rhatdan rhatdan commented Sep 6, 2016

No description provided.

@rhatdan rhatdan mentioned this pull request Sep 6, 2016
Closed
@rhatdan
Copy link
Member Author

rhatdan commented Sep 6, 2016

Fixes #191

mtrmac
mtrmac reviewed Sep 7, 2016
View reviewed changes
cmd/skopeo/copy.go Outdated
trustContext, err := getTrustContext(context)
if err != nil {
return fmt.Errorf("Error loading verification policy: %v", err)
return fmt.Errorf("Error loading trust verification: %v", err)
Copy link
Contributor

@mtrmac mtrmac Sep 7, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not a native speaker but “trust verification” does not make much sense to me. How do you load a "verification”?

Copy link
Member Author

@rhatdan rhatdan Sep 7, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree, I was just throwing this together for discussion. I liked this slightly better the
Error loading verification trust.

"Error loading trust policy" is probably ok.

@mtrmac
Copy link
Contributor

mtrmac commented Sep 7, 2016

I am perfectly fine with renaming --policy to --trust, but we do need a $name for the file or the concept which works in situations like "the image is not signed and $name requires a signature” or “the signature for this image is not accepted per $name”. “signature verification policy” is a mouthful but works; “trust”, to me, doesn’t.

@rhatdan
Copy link
Member Author

rhatdan commented Sep 7, 2016

I think we can drop this back and just leave policy in lots of places but begin talking about it as a "trust" policy.

@aweiteka WDYT?

@mtrmac
Copy link
Contributor

mtrmac commented Sep 7, 2016

The two really user-visible pieces to which we kind of commit to in the public release are the --policy option to skopeo, and the /etc/containers/policy.json path. (We could of course change the default names in future releases and read the older names for compatibility, but it would be a bit awkward.)

I am perfectly fine with changing these two to --trust and trust.json; it is less clear what names to use for the internal signature.Policy{,Context} API naming and the error messages, but we can change them ~anytime.

@rhatdan
Copy link
Member Author

rhatdan commented Sep 7, 2016

I simplified the original pull request to just change the way we refer to the file, as a trust policy file. Lets talk at the meeting.

@rhatdan rhatdan changed the title Change name policy to trust Refer to the policy file as a trust policy file. Sep 7, 2016
@rhatdan
Copy link
Member Author

rhatdan commented Sep 7, 2016

Fixes #191

@rhatdan
Refer to the signature trust policy.
824853d 
The policy file is actualy indicatiting the signatures that the
user trusts.  This patch changes the documentation and error messages
to indicate this trust.
@rhatdan
Copy link
Member Author

rhatdan commented Sep 7, 2016

@aweiteka and I have agreed on this.

@mtrmac @runcom PTAL and lets get this merged.

@runcom
Copy link
Member

runcom commented Sep 7, 2016

LGTM as is (@mtrmac?)

@mtrmac
Copy link
Contributor

mtrmac commented Sep 7, 2016

ACK. A similar patch to containers/image would touch 3 error messages.

@mtrmac mtrmac merged commit fc0c5be into containers:master Sep 7, 2016
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 9, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

locked - please file new issue/PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rhatdan @mtrmac @runcom