NotaryV2 working group is pleased to announce the first release, Alpha 1. This first release includes content from three subprojects(repositories), to provide the community with both specifications and a reference implementation of Notation client for signing and verifying artifacts.
- Notary V2 specifications (notaryproject-v1.0.0-draft.1)
- Notation Library (notation-go-lib-v0.7.0-alpha.1)
- Notation CLI (notation-v0.7.0-alpha.1
- Introduce the NotaryV2 specifications
- Solicit feedback on the Notation client user experience
This is not a production ready release. Recommended for use in non-production environments only
For detailed notes on each of the individual repositories (NotaryProject, Notation and Notation-go-lib) users can refer to the individual release notes. A summary view is provided in this document.
The draft specifications are included in this first release. Based on community feedback, updates are expected in the next alpha releases around signature format, revocation, integration with external PKI and signing services.
Notation is a standalone client and is not integrated with Docker or Containerd clients. It uses a fixed configuration scheme in this release, where the certificates for signing and verifying are kept in a file. Refer https://github.com/notaryproject/notation/blob/main/specs/notation-config.md. It supports the operations for signing and verifying artifacts. This release depends on oras-artifacts-spec registry support for storing signatures. See getting started for using a local CNCF Distribution instance.
To start using Notation Refer: https://github.com/notaryproject/notation/blob/main/hello-signing.md
Written in the GO language the Library is currently focused on enabling the Notation CLI.
Not Applicable. This is the first release of NotaryV2
This is not an exhaustive list. Users should refer to the Notary V2 roadmap at https://github.com/notaryproject/roadmap#readme for seeing the plan for subsequent releases and refer to individual subprojects (repositories) releases notes for details
- The current signature format is subject to change in upcoming release
- Revocation support is planned for an upcoming release
- Alternate signature storage schemes which can use OCI Distribution 1.0 based registries is under investigation for a future release
Not Applicable. This is the first release of NotaryV2