Releases: notaryproject/specifications
Releases · notaryproject/specifications
v1.1.0
What's Changed since v1.0.0
- Add specifications for RFC 3161 timestamping support
- Update threat model to include rollback attack
- Update the plugin specification to include plugin conventions and incorporate the most recent updates
- Add the abbreviation
Sto denote state or province in the configuration of trusted identities
Full Changelog: v1.1.0-rc.1...v1.1.0
Notary Project specifications v1.1.0-rc.1
New specifications
- Add specifications for RFC 3161 timestamping support
Other Changes
- Update threat model to include rollback attack
- Update the plugin specification to include plugin conventions and incorporate the most recent updates
- Add the abbreviation
Sto denote state or province in the configuration of trusted identities
Detailed Commits
- Update threat model to include rollback attack by @priteshbandi in #285
- Updated the MAINTAINERS file by @toddysm in #291
- Support arbitrary blob signing by @rgnote in #283
- spec: add plugin conventions and remove outdated information from the plugin spec by @FeynmanZhou in #292
- Org maintainers update by @toddysm in #299
- docs: update spec for timestamping by @Two-Hearts in #290
- doc: add back mistakenly removed sentence by @yizha1 in #308
- doc: support short name S for state/province by @yizha1 in #307
- docs: remove blob related specs by @Two-Hearts in #311
New Contributors
- @Two-Hearts made their first contribution in #290
Full Changelog: v1.0.0...v1.1.0-rc.1
Contributors
toddysm, rgnote, and 4 other contributors
Assets 2
Notary Project specifications v1.0.0
The Notary Project community is proud to announce the v1.0.0 release of Notary Project specifications.
Check out below what's available in this major release.
Specifications
- Notary Project OCI signature specification
- Notary Project OCI COSE signature envelope
- Notary Project OCI JWS signature envelope
- Notary Project OCI signing and verification workflow
- Notary Project signing scheme
- Notary Project Trust Store and Trust Policy
- Notation Plugin specification
Security audit reports
- Security audit report in 2023 covering
notation,notation-go, andnotation-core-gorepositories - Fuzz testing audit in 2023 covering
notary,notation-go, andnotation-core-gorepositories
Threat models
Requirements and other documents
- A collection of requirements and scenarios for Notary Project
- Requirements and proposals for key revocation
- Requirements for key management
- Requirement of verification by reference
- Notary Project signing scenarios
- A collection of definitions and terms used within this repository
New Contributors
- toddysm made their first contribution in #240
- FeynmanZhou made their first contribution in #243
- AdamKorcz made their first contribution in #268
Thank You!
A big THANK YOU ❤️ to all the maintainers, contributors, and everyone else in the Notary Project community for your great contribution to make it happen.
Full Changelog: v1.0.0-rc.2...v1.0.0
Notary v2 - RC2
This release adds support for using image manifest to store the signatures.
What's Changed
- doc: fix broken links, wrong artifactType and outdated ORAS usage by @yizha1 in #216
- doc: notation supports OCI Image manifest by @yizha1 in #217
- doc: update plugin-extensibility.md spec by @JeyJeyGao in #191
- chore: removed TODOs, updated outdated specs etc by @priteshbandi in #231
New Contributors
- @JeyJeyGao made their first contribution in #191
Full Changelog: v1.0.0-rc.1...v1.0.0-rc.2
Contributors
priteshbandi, JeyJeyGao, and yizha1
Assets 2
Notary v2 - RC1
- The first release for notaryproject/notaryproject ( aka Notary v2 specifications). This spec defines a new open source standard for
- A cross industry and cross registry specification for signing and verification of any OCI image or registry artifact
- Support for two signature envelope formats - JWS and COSE. Customers can choose the format along with their choice of plugins
- Update on use of plugins for signing and verification. Plugins let vendors and users integrate base Notation client with their choice of Key Vaults, PKI, and Signing services
- Users to build/integrate their own implementation of Notary v2 specifications into their signing and verification workflows
notaryproject-1.0.0-draft.3
This release of the Notary v2 specifications is part of the "alpha-3" milestone of the notaryproject/roadmap definition. This release enables
- Community to use the updated specifications to develop their own implementation of Notary v2 in language/platforms of their choice, and/or contribute to Notation client development.
- Signature format (JWS) for signing and verification in RC-1.
- Updates on use of plugins for signing and verification. Plugins let vendors and users integrate base Notation client with their choice of Key Vaults and PKI.
notaryproject-1.0.0-draft.2
This is the "alpha-2" milestone of the notaryproject/roadmap definition. This release unlocks further development of the notation client and notation libraries, and even other implementations based on the Notary V2 project specifications.
What's Changed
- TrustStore and TrustPolicy specification by @priteshbandi in #107
- Subject may be redundant by @sudo-bmitch in #111
- refactor: rename DTR to MSR and added Mirantis Container Runtime and MKE in a new section by @bshaaban in #121
- Adding scope to trust policy. by @priteshbandi in #119
- Fix anchor to meetings link in readme by @sajayantony in #125
- Added signing and verification workflows by @priteshbandi in #122
- Add support for verification of artifact signed using publicly trusted certificates. by @priteshbandi in #132
- Add support for signature filtering. by @priteshbandi in #131
- Formatting and other minor changes by @priteshbandi in #134
- Markdown linting by @sudo-bmitch in #116
- Adding scenario for signing in public CI tooling by @sudo-bmitch in #115
- Plugin interface for signing. by @gokarnm in #124
- Add support for user-defined signed attributes by @priteshbandi in #136
New Contributors
- @bshaaban made their first contribution in #121
- @sajayantony made their first contribution in #125
- @gokarnm made their first contribution in #124
Full Changelog: v1.0.0-draft.1...v1.0.0-draft.2
Contributors
sajayantony, sudo-bmitch, and 3 other contributors
Assets 2
v1.0.0-draft.1
v1.0.0-draft.1
This tag was signed with the committer’s verified signature.
SteveLasker
Steve Lasker
Documentation 📘
- Installing notation with linux and wsl2
curl -Lo notation.tar.gz https://github.com/notaryproject/notation/releases/download/v0.7.0-alpha.1/notation_0.7.0-alpha.1_linux_amd64.tar.gz tar xvzf notation.tar.gz -C ~/bin notation - Getting started with notation
What's Changed
- Add Apache License by @SteveLasker in #3
- Add threat model from Justin Cappos by @justincormack in #10
- End to end scenarios, accounting for PR #1 feedback by @SteveLasker in #8
- Definitions & terms by @SteveLasker in #9
- Readme updates, including a TOC and Contributing & Conversations notes. by @SteveLasker in #13
- Reformat to make markdown happy by @hallyn in #14
- Readme fix by @SteveLasker in #18
- Scenario updates, incorporating scenarios, addressing PR feedback by @SteveLasker in #15
- Move goals and stakeholders to root readme by @SteveLasker in #29
- Signature persistence updates by @SteveLasker in #36
- update Quay contact by @hdonnay in #39
- Verification by reference by @SteveLasker in #32
- Image updates by @SteveLasker in #50
- Merge contents from notaryproject by @SteveLasker in #57
- Merge notaryproject by @SteveLasker in #58
- Adding scenario for tag to digest mapping by @sudo-bmitch in #48
- Add scenario for user-specified key by @mnm678 in #75
- Add a document describing key revocation by @mnm678 in #47
- Add project status section to README.md by @lachie83 in #79
- Adding a scenario for revoking signatures by @sudo-bmitch in #49
- Update docs to reflect use of reference types over oci index by @SteveLasker in #80
- Add scenario 12 for chaining from a trusted key by @mnm678 in #96
- Adding cleaned up version of key management requirements by @NiazFK in #67
- Signature specification by @priteshbandi in #102
- refine signature spec by @shizhMSFT in #110
New Contributors
- @justincormack made their first contribution in #10
- @hallyn made their first contribution in #14
- @hdonnay made their first contribution in #39
- @sudo-bmitch made their first contribution in #48
- @mnm678 made their first contribution in #75
- @lachie83 made their first contribution in #79
- @NiazFK made their first contribution in #67
- @priteshbandi made their first contribution in #102
- @shizhMSFT made their first contribution in #110
Full Changelog: https://github.com/notaryproject/notaryproject/commits/v1.0.0-draft.1
Contributors
hdonnay, justincormack, and 8 other contributors