Decentralized trust sounds great, but unless I can locally reproduce and verify every OCI layer you publish I'm still ultimately trusting your Containerfiles the same way Guix users trust their package definitions.
The digest of each OCI layer is the trust root here: you rebuild the Containerfile, compare the SHA256 from your local oci-layout to the published manifest, and you are done, no maintainer signing key in the loop. Same idea as Guix's nar hashes, just piggy-backing on the registry protocol so the stock container tooling already does the integrity check for you.
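One way to run the rebuild-and-compare check described in that reply, as an added example that is not code from anyone in this thread: it walks a local OCI image layout (index.json, then the manifest blob, then each layer blob), recomputes every blob's SHA-256 against its own name so a corrupt or swapped blob is caught before any comparison, and diffs the resulting layer list against a manifest fetched from the registry. It assumes a standard OCI layout directory with a single-platform manifest; `build_sample_layout` produces a constructed two-layer fixture, not a real image.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def _blob(layout: Path, digest: str) -> bytes:
    # Blobs live at blobs/<algorithm>/<hex>; accept only sha256 and only content that hashes to its name.
    algo, hexval = digest.split(":", 1)
    if algo != "sha256":
        raise ValueError(f"unsupported digest algorithm in {digest}")
    data = (layout / "blobs" / algo / hexval).read_bytes()
    actual = hashlib.sha256(data).hexdigest()
    if actual != hexval:
        raise ValueError(f"blob {digest} is corrupt: content is sha256:{actual}")
    return data

def local_layer_digests(layout: Path) -> list[str]:
    # index.json -> first manifest -> layers, content-checking every blob on the way.
    index = json.loads((layout / "index.json").read_text())
    manifest = json.loads(_blob(layout, index["manifests"][0]["digest"]))
    digests = []
    for layer in manifest["layers"]:
        _blob(layout, layer["digest"])  # raises on a missing or corrupt layer blob
        digests.append(layer["digest"])
    return digests

def compare_to_published(layout: Path, published_manifest: dict) -> list[str]:
    # Empty result means the published layer list is exactly what the local rebuild produced.
    local = local_layer_digests(layout)
    published = [layer["digest"] for layer in published_manifest["layers"]]
    problems = []
    if len(local) != len(published):
        problems.append(f"layer count: local {len(local)} vs published {len(published)}")
    for i, (mine, theirs) in enumerate(zip(local, published)):
        if mine != theirs:
            problems.append(f"layer {i}: local {mine} != published {theirs}")
    return problems

def build_sample_layout() -> tuple[Path, dict]:
    # Constructed fixture, not a real image: a two-layer layout in a temp dir plus its manifest.
    layout = Path(tempfile.mkdtemp())
    (layout / "blobs" / "sha256").mkdir(parents=True)
    def put(data: bytes) -> str:
        hexval = hashlib.sha256(data).hexdigest()
        (layout / "blobs" / "sha256" / hexval).write_bytes(data)
        return "sha256:" + hexval
    layers = [{"digest": put(b"layer-one")}, {"digest": put(b"layer-two")}]
    manifest = {"schemaVersion": 2, "layers": layers}
    index = {"schemaVersion": 2, "manifests": [{"digest": put(json.dumps(manifest).encode())}]}
    (layout / "index.json").write_text(json.dumps(index))
    return layout, manifest
```

A registry that silently swaps a layer behind the same tag shows up as a non-empty result from `compare_to_published`, and a blob on disk that no longer matches its digest raises before any comparison is made.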
sha256sum(1) alone is not a trust model. If the registry 503s or silently swaps a layer behind the same tag you're toast, and the client has zero clue about the provenance of the bits inside that tarball. Guix/Nix bake the full dependency graph into the path so you can actually audit it; OCI just hands you a pile of blobs over HTTP. Convenient, maybe, but calling it decentralization is marketing fluff.