-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal for archiving notary repository #70
Comments
+1 to archive the notary repository due to it remains inactive status for a long time. There are 270+ open issues and 50+ PRs opening for several years but no responses yet. The last official release v0.6.1 was Apr 11, 2018. Archiving this repo will avoid further confusions from new users. |
Has docker already shifted to use notation ? |
What I know is that Docker Hub now supports storing Notary Project signature |
If we archive notary project, will it bring any troubules to those who are currently using notary? |
@HuKeping Instead, it might be confusing to new users that a project has been inactive for a few years but it is not archived. This is not a healthy strategy that there is no security patch and no community support for the notary repo as a security project, |
I stumbled into this issue as I was exploring the notary project. There are still blog posts linking to the notary project and the old notary github repo. If the repository was archived, i would have a better warning before I spent time exploring this. Thank you. |
@whalelines @kipz would you mind commenting on this proposal from Docker side and also the questions from @HuKeping in the comment #70 (comment). |
Hi @jonnystoten, would you mind commenting on this proposal? Thanks. |
Both Docker and Microsoft are still running it in production. We do have plans to transition customers, but this takes time. |
I appreciate you sharing this info, @justincormack. |
The
notary
repository has experienced minimal activity in recent years. You can explore the repository insights for detailed information. CNCF devstats provides further data, for example, commits data. Furthermore, there have been security issues reported within thenotary
repository, some of which remain unresolved over a long period. For instance, issue #1695 remains open. Recently, a suspicious issue was raised and has not yet been addressed.As the Notary Project continues to evolve, its specifications and the reference implementation,
notation
, serve as solutions for users to ensure the integrity and authenticity of container images, OCI artifacts, and blobs.In accordance with the governance process, I propose archiving the
notary
repository. I invited community feedback on this proposal. Please express your support by commenting with a “+1.” Note that a supermajority (two-thirds) approval from Notary Project governance maintainers is required and thenotary
repository will be archived after 30 days' notice./cc:
Org maintainers: @notaryproject/notaryproject-org-maintainers
Governance maintainers: @notaryproject/notaryproject-governance-maintainers
notary
project maintainers: @notaryproject/notaryproject-notary-maintainersThe text was updated successfully, but these errors were encountered: