Update trustchain.md (#3862)

This commit is contained in:
Wang Jie 2017-07-13 03:03:00 +08:00 committed by John Mulhausen
parent fcf2883446
commit ee981e6e86
1 changed files with 2 additions and 2 deletions

View File

@ -44,11 +44,11 @@ image certification and publishing process as outlined below:
2. Docker verifies the signatures to guarantee authenticity, integrity, and freshness of the image. All of the individual layers of your image, and the combination thereof, are encompassed as part of this verification check. [Read more detail about Content Trust in Docker's documentation](/engine/security/trust/content_trust/#understand-trust-in-docker).
3. Upon a successful signature verification, Docker pulls the original image to a private, internal staging area only accessible to the Docker Store certification team
3. Upon a successful signature verification, Docker pulls the original image to a private, internal staging area only accessible to the Docker Store certification team.
4. The Docker Store certification team performs a thorough review of the image, looking for vulnerabilities and verifying best practices for image hygiene, such as ensuring minimal image sizes and working health-checks.
5. Upon a successful review, Docker signs the image and makes it officially available on Docker Store. Similar to artifacts on the Apple Store, this is the final and only signature on the image. Your consumers that the full certification process was completed by checking Dockers signature by pulling and running with Docker Content Trust:
5. Upon a successful review, Docker signs the image and makes it officially available on Docker Store. Similar to artifacts on the Apple Store, this is the final and only signature on the image. Your consumers confirm that the full certification process was completed by checking Dockers signature by pulling and running with Docker Content Trust:
```shell
DOCKER_CONTENT_TRUST=1 docker pull <image>