In Docker Trusted Registry, is this how a user can prevent an image, such as ‘nginx:latest’, from being overwritten by another user with push access to the repository?
Use the DTR web UI to make all tags in the repository immutable.
In Docker Trusted Registry, is this how a user can prevent an image, such as ‘nginx:latest’, from being overwritten by another user with push access to the repository?
Use the DTR web UI to make all tags in the repository immutable.
A is correct
Image Immutability As of DTR 2.3.0, there is an option to set a repository to Immutable. Setting a repository to Immutable means the tags can not be overwritten. This is a great feature for ensure the base images do not change over time. This next example is of the Alpine base image. Ideally CI would update the base image and push to DTR with a specific tag. Being Immutable simply guarantees that an authorized user can always go back to the specific tag and trust it has not changed. An Image Promotion Policy can extend on this. I would go for A.