HackMD
    • Create new note
    • Create a note from template
    • Sharing Link copied
    • /edit
    • View mode
      • Edit mode
      • View mode
      • Book mode
      • Slide mode
      Edit mode View mode Book mode Slide mode
    • Customize slides
    • Note Permission
    • Read
      • Only me
      • Signed-in users
      • Everyone
      Only me Signed-in users Everyone
    • Write
      • Only me
      • Signed-in users
      • Everyone
      Only me Signed-in users Everyone
    • Commenting & Invitee
    • Publishing
      Please check the box to agree to the Community Guidelines.
      Everyone on the web can find and read all notes of this public team.
      After the note is published, everyone on the web can find and read this note.
      See all published notes on profile page.
    • Commenting Enable
      Disabled Forbidden Owners Signed-in users Everyone
    • Permission
      • Forbidden
      • Owners
      • Signed-in users
      • Everyone
    • Invitee
    • No invitee
    • Options
    • Versions and GitHub Sync
    • Transfer ownership
    • Delete this note
    • Note settings
    • Template
    • Save as template
    • Insert from template
    • Export
    • Dropbox
    • Google Drive Export to Google Drive
    • Gist
    • Import
    • Dropbox
    • Google Drive Import from Google Drive
    • Gist
    • Clipboard
    • Download
    • Markdown
    • HTML
    • Raw HTML
Menu Note settings Sharing Create Help
Create Create new note Create a note from template
Menu
Options
Versions and GitHub Sync Transfer ownership Delete this note
Export
Dropbox Google Drive Export to Google Drive Gist
Import
Dropbox Google Drive Import from Google Drive Gist Clipboard
Download
Markdown HTML Raw HTML
Back
Sharing
Sharing Link copied
/edit
View mode
  • Edit mode
  • View mode
  • Book mode
  • Slide mode
Edit mode View mode Book mode Slide mode
Customize slides
Note Permission
Read
Only me
  • Only me
  • Signed-in users
  • Everyone
Only me Signed-in users Everyone
Write
Only me
  • Only me
  • Signed-in users
  • Everyone
Only me Signed-in users Everyone
Comment & Invitee
Publishing
Please check the box to agree to the Community Guidelines.
Everyone on the web can find and read all notes of this public team.
After the note is published, everyone on the web can find and read this note.
See all published notes on profile page.
More (Comment, Invitee)
Commenting Enable
Disabled Forbidden Owners Signed-in users Everyone
Permission
Owners
  • Forbidden
  • Owners
  • Signed-in users
  • Everyone
Invitee
No invitee
   owned this note    owned this note      
Published Linked with GitHub
Like1 BookmarkBookmarked
Subscribed
  • Any changes
    Be notified of any changes
  • Mention me
    Be notified of mention me
  • Unsubscribe
Subscribe
--- tags: ratify --- # Ratify - Weekly Meeting Notes ###### tags: `ratify` `meeting-notes` We hold a weekly Ratify community meeting on Wed 4:30-5:30pm (Pacific Time) Get Ratify Community Meeting Calendar [here](https://calendar.google.com/calendar/u/0?cid=OWJjdTF2M3ZiZGhubm1mNmJyMDhzc2swNTRAZ3JvdXAuY2FsZW5kYXIuZ29vZ2xlLmNvbQ) Zoom Link - https://us02web.zoom.us/j/87420862575?pwd=b2xhSU1KYVY1cXIwKy9Xb2pXeDRHUT09 Copy the template ## Meeting Date ### Announcement: ### Attendees: - _add yourself_ ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - _add your items_ ------------------- ## Nov 22 2023 ### Announcement: ### Attendees: - Susan Shi - Akash - Binbin - Shiwei - Feynman - Yi ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - SBOM Prototype demo Discussion items: 1.How do customers attach their SBOM? ``` ${GITHUB_WORKSPACE}/bin/oras attach \ --artifact-type application/spdx+json \ ${TEST_REGISTRY}/sbom:v0 \ .staging/sbom/_manifest/spdx_2.2/manifest.spdx.json:application/spdx+json ``` [Akash] --artifact-type can be a comma seperated list [Feynman] media type if not essential, we should remove the check 2. supported license expression GFDL-1.3-only AND GPL-3.0-only AND LicenseRef-LGPL vs GFDL-1.3-only OR GPL-3.0-only OR LicenseRef-LGPL 3. Do we allow only package name with no package version [Yi] we should also have rego to ensure a SBOM must exist 4. What if there are multiple SBOMs attached. Extension data When there are multiple, should we only care about the latest one? We should evaluate what we put into extension data TODO: work with Yi on the verifier msg 5. [CRD]([CR](https://github.com/deislabs/ratify/blob/main/config/crd/bases/config.ratify.deislabs.io_verifiers.yaml)) plugin version TODO: Create a tracking issue for handling Plugin version ------------------- ## Nov 15 2023 ### Announcement: ### Attendees: - Susan Shi - Akash - Binbin - Shiwei - Feynman - Yi - Luis ### Actionable Agenda Items: - [docs: add multi-tenancy support discussions](https://github.com/deislabs/ratify/pull/1175) [Luis/Feyman] Would like to see more details customer scenario, and choose an option that delivers the best customer workflow for mutl-tenancy [Akash] Since cache are enrypted at test, We could try out different keys for different namespace [Susan] For logs, we could add namespace infomation to relevant logs, and the cluster admin can choose to forward specific log to team Leads. - [Venafi notation plugin support](https://github.com/deislabs/ratify-web/pull/32) Binbin: Venafi is using certs of type: signingAuthority. Ratify currently doesn't differentiate between trustStore types, such as ca, tsa and signingAuthority. This will causes a conflict if customer uses CA/TSA at the same time. ### Presentation/Discussion Agenda Items: - _add your items_ ------------------- ## Nov 8 2023 ### Announcement: ### Attendees: - Susan Shi - Akash Singhal - Luis Dieguez - Yi Zha - JunCheng Zhu - Shiwei Zhang - Feynman Zhou - _add yourself_ ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - https://github.com/deislabs/ratify-web/issues/29 TODO: update guide so AKS customer are encouraged to use image integrity We can add also mention the manual work around TODO: Add a note to mention side by side open Ratity with AKS addon is not supported - https://github.com/deislabs/ratify/issues/1160 - discussion of default Ratify rego policy Question: what is the new default path once we deprecate configPolicy. ### notes recording: https://youtu.be/adCCiGVZcjM ------------------- ## Nov 1 2023 ### Announcement: ### Attendees: - Susan Shi - Akash Singhal - Luis Dieguez - Yi Zha - Binbin Li - Shiwei Zhang - Feynman Zhou - Sajay Antony - _add yourself_ ### Actionable Agenda Items: - review [allow multiple notationCert in default chart](https://github.com/deislabs/ratify/pull/1151) - vuln report support https://hackmd.io/GHsUE5qBRwGyhNSsajth2Q?view Sajay Antony: Is it possible to uplift this into the CI pipeline or a regular job that does this verification and attach a derived artifact that ratify can simply verify? Basically precanned signed response? Sajay Antony: $ratify --verify --attach --policy ... Binbin Li: currently policy is specified in a json config, something like: ratify --verify --config ... Sajay Antony: As long as we an pre-attach the attestation then it makes this easier. I would like to see if we can use notation to attach an attestation with all the verification pre baked. It is also a valid scenario that customer deploys docker hub image with CA1, and SBOM signed with CA2. Ratify should consider how to associate SBOM verification and how to specify the associated validation cert for this SBOM. ### Presentation/Discussion Agenda Items: - _add your items_ ### notes recording: https://youtu.be/__k6MIcUVPs ------------------- ## Oct 25 2023 ### Announcement: ### Attendees: - _add yourself_ ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - [helm] Make default verifier more configurable, [issue 1145](https://github.com/deislabs/ratify/issues/1145) Can we use helmLoop? How should we handle breaking changes in helm chart? - v1.1.0 Triage TODO: we should move things out of 1.0 and close it out - Ratify /Chart download telemetry TODO: maintainers please send your acct detail to Binbin to be added as artifact hub Ratify owner/contributor - _add your items_ ### Notes: recording: https://youtu.be/wvED3x0pTCo ------------------- ## Oct 18 2023 ### Announcement: ### Attendees: - _add yourself_ - Feynman Zhou - Sajay Antony - Susan Shi - Akash Singhal - Binbin Li - Juncheng Zhu - Luis Dieguez - Yi Zha ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - Discuss where should we keep our spec/design doc. We have two goals , having docs discoverable and been able to keep track of comments/discussions. For future, we can keep docs in a Ratify repo. Kyverno keeps their design doc in a design repo For existing hackMd doc, we should look at how to export them. - performance testing doc, https://github.com/deislabs/ratify-web/pull/16 - CRD conversion webhook: - `metadata.name` and `metadata.namespace` are immutable. - Install `cert-manager` to manage certs. - Hardcode `namespace` to CRD. This item will be moved to FUture milestone given the constraint that metadata.name is immutable. We can pull this back in based on customer need. - Set date for next milestone v1.1.0 temporialy set to Dec8th. recording: https://youtu.be/lNZk8xa6C2E ------------------- ## Oct 11 2023 ### Attendees: - Sajay Antony - Susan Shi - Akash Singhal - Binbin Li - Juncheng Zhu - Luis Dieguez - _add yourself_ ### Actionable Agenda Items: ### Presentation/Discussion Agenda Items: - add performance testing doc, https://ratify.dev/docs/1.0/reference/performance - Capturing some of the discussion we had around release cadence and the release milestones. Sajay shared K8 ( doc link) follows a 3 times a year release cadence s , How do we feel if we start with the same cadence and adjust if needed? We last released end of Sep , putting 1.1.0 in late Jan , 1.2.0 late May? [Shiwei] Ratify could possibly have a short release cycle , e,g. monthly or every two month. [Sajay] My vote would be to align with K8s do avoid any confusion with the community. [Akash] we should keep chart and app version consistent. We discussed two patterns for our intermediary milestones. There are two advantage of having betaX milestones , #1 this will allows us to following a monthly release cadence. #2, for new features we are adding to beta, there are still room for changes based on customer feedback. Going straight to RC have a lower release cost, and also indicte the product is more stable. Options: 1.0.0 (latest release) -> 1.1.0.RCX -> 1.1.0 1.0.0 (latest release) -> 1.1.0.BetaX -> 1.1.0.RCX -> 1.1.0 Options: * 1.0.0 (latest release) -> 1.1.0.RC1 -> 1.1.0 * 1.0.0 (latest release) -> 1.1.0.Beta1 -> 1.1.0.RCX -> 1.1.0 Capturing summary of community meeting discussion: Given Ratify is still in early project stage, we have a goal of more frequent release to get early customer feedback. We are proposing pushing a minor release every two month ( monthly release maybe too costly), if release contains complex features accross many compoments, a RC release should be considered to allow for bug report/fixes. - ORAS OCI store index race conditions This probably requires ratify to add a primitive lock Recording: https://youtu.be/YU69CqxbGP8 ------------------- ## Oct 4 2023 ### Announcement: Due to anticipating little quorum, today's community call has been cancelled. Please let us know if you have any updates or new issues through the Slack channel. ### Attendees: - _add yourself_ ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: ### Notes: ------------------- ## Sep 27 2023 ### Announcement: Ratify v1 has been released. Spread the word in your socials. ### Attendees: - Akash Singhal - Juncheng Zhu - Ha Duong Alfie - Binbin Li - Luis Dieguez - Susan Shi ### Actionable Agenda Items: - ### Presentation/Discussion Agenda Items: Triaged latest issues and assigned to V1.1 Beta release. ### Notes: recording: https://youtu.be/83PEg_O6Lpc --------------- ## Sep 20 2023 ### Announcement: ### Attendees: - Yi Zha - Shiwei Zhang - Sajay Antony - Luis Dieguez - JunCHeng Zhu - Akash Singhal - Feynman Zhou - Susan Shi - Binbin Li ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - Negative testing is still WIP. We may need one more day to finalize it and determine the result tomorrow - 1.0 Releae - [SLSA verifying artifacts](https://slsa.dev/spec/v1.0/verifying-artifacts) - Rego Template PR: https://github.com/deislabs/ratify-web/pull/6 - [Failed to use a on-premises registry with Ratify reported by an user in Slack](https://cloud-native.slack.com/archives/C03T3PEKVA9/p1694526608399809). We might need to prioritize a solution for this case since it impacts the first trial experience (Feynman) ### Notes: recording: https://youtu.be/NP_knZQQMBs --------------- ## Sep 13 2023 ### Announcement: ### Attendees: - _add yourself_ ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - doc migration from ratify repo to website - 1.0 Status check - negative test ( by tuesday/Wed) Q: what about security related testing? https://github.com/ossf/scorecard https://artifacthub.io/packages/helm/kyverno/kyverno?modal=security-report - Discuss whats is the next milestone referring gatekeeper milestonse, it looks like we can also follow a alpha->beta->RC -> 1.1 path E.g. v3.13.0-beta.0 -> v3.13.0-beta.1 v3.13.0-rc.1 -> v3.13.0 ### Notes: Question: when we make doc updates in ratify repo, how does it sync to website repo? What should ratify keep design docs? Export existing hackmd deisgn and check in to repo. We can also keep spec in a separate repo or directory. add to Next week agenda ( reading homework): https://slsa.dev/spec/v1.0/verifying-artifacts https://github.com/kubernetes/enhancements/blob/master/keps/sig-release/2572-release-cadence/README.md https://kubernetes.io/blog/2021/07/20/new-kubernetes-release-cadence/ recording: https://youtu.be/JYh-VaCXLh8 --------------- ## Sep 6 2023 ### Announcement: ### Attendees: - Susan Shi - Yi Zha - Xinhe Li - Luis Dieguez - Feynman Zhou - Binbin Li - Juncheng Zhu - _add yourself_ ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - RC8 release , will proceed with releaseing this week - [same certificateStore name in different namespace](https://github.com/deislabs/ratify/issues/1061) Curently Ratify doesn't support namespaces, it reads all CRs from all namespace, TO be discussed: what is the expected behaviour? - [Evaluate if Ratify CRDs is ready for 1.0](https://github.com/deislabs/ratify/issues/1060) If negative tests show CRD is stable enough we should bump up to 1.0. Question: what about policy that is currently in alpha? any new CRD , do they start at alpha? - GA release - review Negative test cases for Ratify in this [doc](https://hackmd.io/NBHXfkM7QzKBZxsqnukg_A?view) - _add your items_ ### Notes: recording:https://youtu.be/U6VOJe2mtNU --------------- ## Aug 30 2023 ### Announcement: ### Attendees: - Susan - Feynman - Akash - Shiwei - Binbin - Juncheng - Luis - Xinhe ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - [Create Kubernetes support versioning strategy](https://github.com/deislabs/ratify/issues/1015) Would be nice to have a matrix like https://istio.io/latest/docs/releases/supported-releases/#support-status-of-istio-releases We should align our self with Gatekeeper k8 support Regards to CRDS, we should update k8 version in CrdDocker file when we update k8 matrix. - [Implement Readiness Probes](https://github.com/deislabs/ratify/issues/977) We will cost this first and determine when to release this. But sounds like we do need a new endpoint. - [RC8 issues](https://github.com/deislabs/ratify/issues?q=is%3Aopen+is%3Aissue+milestone%3Av1.0.0-rc.8) TODO: Create a issue for bumping up version of CRD - Negative test cases for Ratify is summarized in this [doc](https://hackmd.io/NBHXfkM7QzKBZxsqnukg_A?view) and tracked in [issue #982](https://github.com/deislabs/ratify/issues/982) Please review and add more scenarios if needed. we will review this [doc](https://hackmd.io/NBHXfkM7QzKBZxsqnukg_A?view) and assign scenarios for testing. ### Notes: GK 3.13 introduced a 3 minute TTL. Tests are failing. There is an issue to add in the 3.14 release a flag to adjust the TTL. recording: https://youtu.be/HdVEBO5wf00 --------------- ## Aug 23 2023 ### Announcement: ### Attendees: - Susan - Akash - Yi - Binbin - Juncheng - Shiwei - Feynman - Toddy - Luis - Josh ### Actionable Agenda Items: - [refactor: refactor log](https://github.com/deislabs/ratify/issues/984) We don't current have a way to get logs from extern plugin, TODO: lets create an issue so plugin developers can vote on this - [doc: broken links in crd configuration doc](https://github.com/deislabs/ratify/pull/1008) - [chore: update constraint templates](https://github.com/deislabs/ratify/pull/1017) ### Presentation/Discussion Agenda Items: - [Update Terraform with getSecret](https://github.com/deislabs/ratify/issues/973) (JoshDuffney) Terraform will assign both getCert and getSecret permissions as a worka around - _add your items_ ### Notes: Ratify Performance Load Testing for Azure, please review at https://hackmd.io/@akashsinghal/HJnMY4K22 recording:https://youtu.be/h4ihIX5JTbY --------------- ## Aug 16 2023 ### Announcement: ### Attendees: - Susan - Akash - Binbin - Luis - Shiwei - Feynman - Yi - Toddy - Xinhe - Sajay ### Actionable Agenda Items: - For supporting ARM64 ratify, we should also validate high availability support in ARM64 arch. - Moving authPRoviders support to v1.1 ### Presentation/Discussion Agenda Items: - Consider to move the HA feature from "Experimental" to "Stable" and define the maturity criteria (Feynman) - RC-7 Readiness ( Luis) - TODO: create a v1.1 milestone ### Notes: Feature gate criteria: https://hackmd.io/mWebogJ2QJyPzTH_Th9Yuw?view recording: https://youtu.be/CHjbuKzQQXU ## Aug 09 2023 ### Announcement: ### Attendees: - Susan Shi - Feynman Zhou - Yi Zha - Shiwei Zhang - Luis Dieguez - Sajay Antony ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - [ratify does not support multiple store exists](https://github.com/deislabs/ratify/issues/974) - RC7 breaking changes * chore!: update-notation ref (#940) * TODO: Doc needed for upgrade to Ratify RC7 * Create a issue to discuss if we need to remove OCI artifact manifest support by GA - Considering negative testing before releasing v1.0.0 ( negative test for AKS and Gatekeeper) * Create tracking issue for negative testing testplan and execution ### Notes: recording: https://youtu.be/TbAPc2r-9II --------------- ## Aug 02 2023 ### Announcement: ### Attendees: - Luis Dieguez - Susan Shi - Binbin Li - Yi Zha - Akash Singhal - Shiwei Zhang - Sajay Antony - Josh Duffney - Toddy Mladenov ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - Merge is currently blocked due to bug in SBOM tool [issue 296 ](https://github.com/microsoft/sbom-tool/issues/296) Since we don't have any urgent need to merge PR, we will wait for a day for a fix. - Support Mutation and Verification on Init Containers, https://github.com/deislabs/ratify/issues/950 - [Migrate to latest Azure container registry SDK ](https://github.com/deislabs/ratify/issues/959) we should start the investigation asap ### Notes: We shoud update getCert permission to getSecret https://github.com/duffney/secure-supply-chain-on-aks/blob/main/terraform/main.tf#L133 recording: https://youtu.be/DveKFKhzU-Q --------------- ## July 26 2023 ### Attendees: - Susan Shi - Feynman Zhou - Binbin Li - Shiwei Zhang - Xinhe Li - Yi Zha - Luis Dieguez - Akash Singhal - Sajay Antony - Manish Kumar Singh - _add yourself_ ### Actionable Agenda Items: - [chore: update-notation ref](https://github.com/deislabs/ratify/pull/940) [Yi] ideally we should make this backwards compatible , we need to follow up with Junchen - [feat: optional image mutation in helm chart](https://github.com/deislabs/ratify/pull/944) [Feynman] we should add a warning to note mutation has been turned off - [helm file support](https://github.com/deislabs/ratify/pull/948) [Feynman] Using helm file for quick start is good, but some Concerns on using [helmfile](https://helmfile.readthedocs.io/en/latest/) for scaling Ratify from single instance to HA Helm file is good for clean install, we should add a note about scenario user already have some components installed We might also want to add HA guide when User already have daper/redis installed. - TODO: We need to document current ratify helm upgrade behaviour - Moved https://github.com/deislabs/ratify/issues/744 to GA , we need to provide perf results for single instance vs HA mode. ### Presentation/Discussion Agenda Items: - Branching strategy and release post 1.0 - Patches and support criteria? TODO: we need a github tracking item ### Notes: recording: https://youtu.be/jqsQUreOK_0 --------------- ## July 19 2023 ### Announcement: ### Attendees: - Susan - Binbin - Akash - Yi - Shiwei - Sajay - Feynman - Luis - ### Actionable Agenda Items: - [feat: unify caches, add ristretto and Dapr cache providers](https://github.com/deislabs/ratify/pull/901) - [feat: add policy crd and controller][InternetShortcut] URL=https://df.onecloud.azure-test.net/?Microsoft_Azure_ContainerRegistries=true#dashboard (https://github.com/deislabs/ratify/pull/933) ### Presentation/Discussion Agenda Items: From last wk: Remove TLS cert generation in Helm templates? https://github.com/deislabs/ratify/issues/913 - RC 7 date, TODO: create 1.1 milestone, should Jimmy continue to be in the reviewer list? New RC7 date will be Aug25th 2023 - Jesse will help confirm the maintainer candidate who can represent AWS - [Implement experimental feature flag](https://github.com/deislabs/ratify/issues/932) - Hashicorp go plugin over GPRC investigation, https://hackmd.io/qPe4Tl5wQCW_0ot2KKBUNQ [Akash/Susan] Some plugins might need to share cache. Verifier plugin should have no problem accessing oras blob cache. Can verifier share other in-memoery cache. Maybe its ok cosign verifier doesn't share memory cache with notary plugin. Maybe different instance of verifier can share in memoery cache if they are running in a single grpc. - Migrate the docs to ratify.dev [issue 938](https://github.com/deislabs/ratify/issues/938) - ### Notes: recording: https://youtu.be/VCtBkXpGSD0 --------------- ## July 12 2023 ### Announcement: ### Attendees: - Susan Shi - Binbin Li - Yi Zha - Akash Singhal - Feynman - Juncheng Zhu - Shiwei Zhang - Sajay Antony - _add yourself_ ### Actionable Agenda Items: - [feat: add opa engine and support Rego policy](https://github.com/deislabs/ratify/pull/798) We will maintain both config policy and Rego. Some customers might just want a simple policy configuration where other customer need a more advanced rego. We will wait for more feedback before we set rego as the default. - [feat: unify caches, add ristretto and Dapr cache providers](https://github.com/deislabs/ratify/pull/901) We plan to merge this into RC7 behind a feature flag. We need to differentiate between experimental and features. TODO: create a github issue for adding experimental flag. ### Presentation/Discussion Agenda Items: - OCI Artifact removal plan we will be keeping this as notary removed the capability to genereate oci artifact, but still have the ability to verify oci artifact. - Status update on GPRC investigation, https://hackmd.io/qPe4Tl5wQCW_0ot2KKBUNQ Agreed this is not a GA feature. We should for this into 1.1 milestone for now. We didn't get to discuss the items below, moved to next week's meeting. - Build multi-arch Ratify image: https://github.com/deislabs/ratify/issues/929 - Remove TLS cert generation in Helm templates? https://github.com/deislabs/ratify/issues/913 ### Notes: recording: https://youtu.be/Z36EYQj7YsI --------------- ## July 5 2023 ### Announcement: ### Attendees: - Binbin Li - Feynman Zhou - Luis Diegues - Susan Shi - Toddy - Xinhe Li ### Actionable Agenda Items: - [feat: add opa engine and support Rego policy](https://github.com/deislabs/ratify/pull/798) Waiting for Akash's feedback - PR: [Use latest sbom-tool or stay with a fixed version](https://github.com/deislabs/ratify/pull/917) We ve decided to stay with using the latest version as dependabot will autoupdate version in src code. Binbin will check what is the latestdownload version vs dependabot version. - [build: upgrade e2e test from notation rc3->rc7](https://github.com/deislabs/ratify/pull/919/files) Juncheng has issue running CIs, if this continues to be an issue in future PRs, we need to review his permissions. - [Will pluggable design for Certificate Store be planned before v1.0.0?](https://github.com/deislabs/ratify/issues/908) Certificate Store as a plugin being planned for Post v1, we are hoping to deliver the grpc infra work for v1. ### Presentation/Discussion Agenda Items: - RC 6 , we will reuse the rc5 branch and only apply the workflow fix - [Enable Service-to-Service Communication using gRPC](https://github.com/deislabs/ratify/issues/191) Should we reuse existing protos? https://github.com/deislabs/ratify/blob/main/experimental/ratify/proto/v1/verifier.proto Tho it doesn't look like it matchs our existing [interface](https://github.com/deislabs/ratify/blob/555b7625d0c346ecd177729c801df1e2f5bf3ae4/pkg/verifier/api.go#L39) - Discussion: Remove System_error from constraint template: https://github.com/deislabs/ratify/discussions/920 ### Notes: recording: https://youtu.be/n17xV2hWDuM -------- # Archive ## 2023-Jan 2023-Jun https://github.com/deislabs/ratify/blob/main/archive/meeting-notes/ratify-weekly-notes-2023-Jan-2023-Jun.md ## 2022-Jul 2022-Dec https://github.com/deislabs/ratify/blob/main/archive/meeting-notes/ratify-weekly-notes-2022-Jul-2022-Dec.md ## 2022-Jan 2022-Jun https://github.com/deislabs/ratify/blob/main/archive/meeting-notes/ratify-weekly-notes-2022-Jan-2022-Jun.md) ## 2021-Jul 2021-Dec https://github.com/deislabs/ratify/blob/main/archive/meeting-notes/ratify-weekly-notes-2021-Jul-2021-Dec.md ## Meeting Date ### Attendees: - _add yourself_ ### Actionable Agenda Items: - _add your items_ ### Presentation/Discussion Agenda Items: - _add your items_ ### Notes:

Import from clipboard

Advanced permission required

Your current role can only read. Ask the system administrator to acquire write and comment permission.

This team is disabled

Sorry, this team is disabled. You can't edit this note.

This note is locked

Sorry, only owner can edit this note.

Reach the limit

Sorry, you've reached the max length this note can be.
Please reduce the content or divide it to more notes, thank you!

Import from Gist

Import from Snippet

or

Export to Snippet

Are you sure?

Do you really want to delete this note?
All users will lost their connection.

Create a note from template

Create a note from template

Oops...
This template is not available.


Upgrade

All
  • All
  • Team
No template found.

Create custom template


Upgrade

Delete template

Do you really want to delete this template?

This page need refresh

You have an incompatible client version.
Refresh to update.
New version available!
See releases notes here
Refresh to enjoy new features.
Your user state has changed.
Refresh to load new user state.

Sign in

Forgot password

or

By clicking below, you agree to our terms of service.

Sign in via Facebook Sign in via Twitter Sign in via GitHub Sign in via Dropbox

New to HackMD? Sign up

Help

  • English
  • 中文
  • Français
  • Deutsch
  • 日本語
  • Español
  • Català
  • Ελληνικά
  • Português
  • italiano
  • Türkçe
  • Русский
  • Nederlands
  • hrvatski jezik
  • język polski
  • Українська
  • हिन्दी
  • svenska
  • Esperanto
  • dansk

Documents

Tutorials

Book Mode Tutorial

Slide Mode Tutorial

YAML Metadata

Contacts

Facebook

Twitter

Discord

Feedback

Send us email

Resources

Releases

Pricing

Blog

Policy

Terms

Privacy

Cheatsheet

Syntax Example Reference
# Header Header 基本排版
- Unordered List
  • Unordered List
1. Ordered List
  1. Ordered List
- [ ] Todo List
  • Todo List
> Blockquote
Blockquote
**Bold font** Bold font
*Italics font* Italics font
~~Strikethrough~~ Strikethrough
19^th^ 19th
H~2~O H2O
++Inserted text++ Inserted text
==Marked text== Marked text
[link text](https:// "title") Link
![image alt](https:// "title") Image
`Code` Code 在筆記中貼入程式碼
```javascript
var i = 0;
```		 
var i = 0;
:smile: :smile: Emoji list
{%youtube youtube_id %} Externals
$L^aT_eX$ LaTeX
:::info
This is a alert area.
:::

This is a alert area.

Versions

Versions and GitHub Sync

Sign in to link this note to GitHub Learn more
This note is not linked with GitHub Learn more
 
Add badge Pull Push GitHub Link Settings
Upgrade now

Version named by    

More Less
  • Edit
  • Delete

Note content is identical to the latest version.
Compare with
    Choose a version
    No search result
    Version not found

Feedback

Submission failed, please try again

Thanks for your support.

On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?

Please give us some advice and help us improve HackMD.

 

Thanks for your feedback

Remove version name

Do you want to remove this version name and description?

Transfer ownership

Transfer to
    Warning: is a public team. If you transfer note to this team, everyone on the web can find and read this note.

      Link with GitHub

      Please authorize HackMD on GitHub

      Please sign in to GitHub and install the HackMD app on your GitHub repo. Learn more

       Sign in to GitHub

      HackMD links with GitHub through a GitHub App. You can choose which repo to install our App.

      Push the note to GitHub Push to GitHub Pull a file from GitHub

        Authorize again
       

      Choose which file to push to

      Select repo
      Refresh Authorize more repos
      Select branch
      Select file
      Select branch
      Choose version(s) to push
      • Save a new version and push
      • Choose from existing versions
      Available push count

      Upgrade

      Pull from GitHub

       
      File from GitHub
      File from HackMD

      GitHub Link Settings

      File linked

      Linked by
      File path
      Last synced branch
      Available push count

      Upgrade

      Danger Zone

      Unlink
      You will no longer receive notification when GitHub file changes after unlink.

      Syncing

      Push failed

      Push successfully