mirror of
https://github.com/docker/tuf
synced 2026-04-05 19:43:25 +00:00
No description
- Open Policy Agent 81.4%
- Go 18.6%
|
|
||
|---|---|---|
| .github | ||
| ceremony | ||
| metadata | ||
| targets | ||
| tools/key-verification | ||
| .gitignore | ||
| go.mod | ||
| LICENSE | ||
| NOTICE | ||
| README.md | ||
| SECURITY.md | ||
TUF
Docker's production TUF repository generated using TUF-on-CI.
The TUF metadata can be found in the metadata directory.
The TUF targets can be found under the targets directory. The
TUF targets for
Docker Official Images (DOI),
specifically the policies used to verify DOI, can be found in the
targets/doi directory.
Signing Ceremony
The process used to establish Docker's production TUF root is documented in CEREMONY.md.
Keys
| Keyholder Name | Keyholder GitHub ID | Role | Serial Number |
|---|---|---|---|
| Jean Laurent | jeanlaurent | Root | 28751288 |
| Alex Hokanson | ingshtrom | Root | 25515142 |
| Brett Inman | binman-docker | Root | 25515991 |
| Christian Dupuis | cdupuis | Root | 25599865 |
| Rachel Taylor | rachel-taylor-docker | Root | 25515264 |
| Laurent Goderre | LaurentGoderre | Delegated Targets (DOI) | 25515985 |
| Tianon Gravi | tianon-sso | Delegated Targets (DOI) | 25515137 |
| Joseph Ferguson | yosifkit | Delegated Targets (DOI) | 25515267 |
| Joel Kamp | mrjoelkamp | Targets, Delegated Targets (DOI) | 25515139 |
| David Dooling | whalelines | Targets, Delegated Targets (DOI) | 25515003 |
| James Carnegie | kipz | Targets, Delegated Targets (DOI) | 28751259 |
| Jonny Stoten | jonnystoten | Targets, Delegated Targets (DOI) | 28751258 |
Verifying
To verify the TUF root key attestations, see key verification README.
Security reporting
If you have any security concerns please follow SECURITY.md