Milind Gokarn

Here is a proposal for how to address this. 1. Only in the system level `config.json` we provide a new setting `configurationBehavior` with supported values `user`/`system` which allows a system...

I've updated the list of log items (not exhaustive), and removed "Parse parameters" and "Formatted output".

I agree that expecting users to copy over files to appropriate plugin location is error prone and bad CX. This is not prioritized for RC1 by should be by GA...

Addressing the scenario ``` A user found a signed image in a registry they wish to use. How do they find and download the public key to configure their trust...

`--trust` may have been a parameter supported in early alpha releases, I'm not able to find a reference to it. The overall reason this issue was created was to track...

Yes, that sounds great. We want to go through each command that we want to stabilize in RC1 and define/review the experience.

Thanks for sharing the updates @SteveLasker , I've started looking into the external security review and other details.

The details of key creation, and its prerequisites are specific to each provider. Key creation may be done by a different persona, outside of the signing workflow, using provider specific...

@ianjmcm the change you are proposing allows Notation to support different types of signed artifacts in a registry, which may have certificates with different EKUs (for code, document, or supply...

From the perspective of proving integrity and authenticity, we are not signing the artifact itself, but a representation (the payload to sign) that uniquely identifies the artifact. And that can...