Ensure that container images upgrade only go upwards #1070

Open
almet opened this issue Jan 30, 2025 · 0 comments
Labels
icu Issues related with independent container updates
almet commented Jan 30, 2025

With Independent Container Updates, one attack vector is to provide older container images to a client. When upgrading to a new version of the container image, we should ensure that the version is actually newer than the previous one.

One way to do this is to rely on the Bundle.logIndex field provided by signatures, which will be signed by a trusted public key.
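
One way to implement the check described in this issue, as an added example that is not code from the issue or from the project. The function names, the JSON state file and the `Bundle` → `Payload` → `logIndex` nesting are assumptions, and the signature is assumed to have been verified against the trusted key before this code runs.

```python
import json
import tempfile
from pathlib import Path


class RollbackError(Exception):
    """The offered image is not newer than the one already installed."""


def log_index(signature: dict) -> int:
    """Return the transparency-log index carried by one signature record."""
    bundle = signature["Bundle"]
    # Assumed layout: the field is nested under "Payload"; also accept it
    # directly under "Bundle", as the issue text writes it.
    value = bundle.get("Payload", bundle).get("logIndex")
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        raise ValueError("missing or malformed logIndex")
    return value


def accept_upgrade(verified_signature: dict, state_file: Path) -> int:
    """Record and return the new index; raise RollbackError on a downgrade."""
    # Precondition: signature and bundle already verified with the trusted key.
    candidate = log_index(verified_signature)
    last = -1  # nothing installed yet
    if state_file.exists():
        last = json.loads(state_file.read_text())["last_log_index"]
    if candidate <= last:
        raise RollbackError(f"logIndex {candidate} is not above recorded {last}")
    # Write-then-rename so a crash cannot leave a truncated state file.
    tmp = state_file.with_name(state_file.name + ".tmp")
    tmp.write_text(json.dumps({"last_log_index": candidate}))
    tmp.replace(state_file)
    return candidate


def make_signature(index: int) -> dict:
    """Constructed sample record; real ones come from the registry."""
    return {"Bundle": {"Payload": {"logIndex": index, "integratedTime": 0}}}


if __name__ == "__main__":
    state = Path(tempfile.mkdtemp()) / "state.json"
    print(accept_upgrade(make_signature(100), state))  # first install
    print(accept_upgrade(make_signature(250), state))  # genuine upgrade
    try:
        accept_upgrade(make_signature(100), state)  # replayed older image
    except RollbackError as exc:
        print("refused:", exc)
```

The recorded index is only as trustworthy as the file that stores it, so the state file needs the same write protection as the installed image.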

almet added the icu (Issues related with independent container updates) label Jan 30, 2025
almet added this to the 0.9.0 milestone Jan 30, 2025