What is the areas you experience the issue in?
Notation CLI
What is not working as expected?
The flag --plain-http allows notation commands to establish an insecure connection to registries, which is implicit to users. This could be a security risk if users connect to an insecure registry.
This flag exists for the following commands:
notation sign
notation verify
notation list
notation inspect
notation login
What did you expect to happen?
Update the description of the flag to explicitly inform users that this flag allows insecure connection to registries. for example:
--plain-http Use HTTP protocol while connecting to registries. Use it only for testing purposes.
How can we reproduce it?
Run help command
Describe your environment
WSL
What is the version of your Notation CLI or Notation Library?
v1.0.0-rc.3