From ee981e6e86582efc63b1ea88c6fedaf733062cdd Mon Sep 17 00:00:00 2001 From: Wang Jie Date: Thu, 13 Jul 2017 03:03:00 +0800 Subject: [PATCH] Update trustchain.md (#3862) --- docker-store/trustchain.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-store/trustchain.md b/docker-store/trustchain.md index 8f3e990d55..a57d32fb01 100644 --- a/docker-store/trustchain.md +++ b/docker-store/trustchain.md @@ -44,11 +44,11 @@ image certification and publishing process as outlined below: 2. Docker verifies the signatures to guarantee authenticity, integrity, and freshness of the image. All of the individual layers of your image, and the combination thereof, are encompassed as part of this verification check. [Read more detail about Content Trust in Docker's documentation](/engine/security/trust/content_trust/#understand-trust-in-docker). -3. Upon a successful signature verification, Docker pulls the original image to a private, internal staging area only accessible to the Docker Store certification team +3. Upon a successful signature verification, Docker pulls the original image to a private, internal staging area only accessible to the Docker Store certification team. 4. The Docker Store certification team performs a thorough review of the image, looking for vulnerabilities and verifying best practices for image hygiene, such as ensuring minimal image sizes and working health-checks. -5. Upon a successful review, Docker signs the image and makes it officially available on Docker Store. Similar to artifacts on the Apple Store, this is the final and only signature on the image. Your consumers that the full certification process was completed by checking Docker’s signature by pulling and running with Docker Content Trust: +5. Upon a successful review, Docker signs the image and makes it officially available on Docker Store. Similar to artifacts on the Apple Store, this is the final and only signature on the image. Your consumers confirm that the full certification process was completed by checking Docker’s signature by pulling and running with Docker Content Trust: ```shell DOCKER_CONTENT_TRUST=1 docker pull