Digital signature verification
Docker, the popular open source container company, has announced that it has added the digital signature verification to Docker images. This will ensure that when you download a containerized application from an official Docker repository, you get the real version. At this point in time, the Docker engine automatically checks the provenance and integrity of all the images in the official repository using digital signatures. A digital signature brings on an additional trust on Docker images. That is, the particular Docker image was not tampered or twisted, and hence, it is ready to be fully used with all the confidence and clarity.
This newly-added cryptographic verification is used to provide users with an additional assurance of security. In the future, there will be features, such as publisher authentication, image integrity and authorization, public key infrastructure (PKI) management, and many more for both image publishers, as well as consumers. If an...