Chains should stop signing artifacts type-hinted in pipelines
Feature request
Chains uses type hinting to identify the artifacts that might be produced in a pipeline. Even if it was possible for Chains to identify whether the artifact was produced in the pipeline, Chains knows nothing about the artifact.
Since Chains knows nothing about the artifact, a consumer of the signed artifacts would not have any additional hardened security posture by requiring this Chains-produced signature. At best, consumers would know to effectively ignore the signature. At worst, consumers would put additional trust in the signature, which can be easily applied to untrusted artifacts.
If signatures are just used to ensure that artifacts are not mutated from when they were produced, the generated SLSA provenance can be used as this also is created with the Chains identity.
Use case
Consumers of signatures might want to use signature verification as a means to hardening a software supply chain. Therefore, signatures should have a specific meaning which maps to a supply chain hardening pattern.
Yes!
To clarify, this is about making Chains stop signing container images. This is not about SLSA provenance attestation signatures. Those are unaffected and should continue to be produced and signed by Chains. That's what Chains is for, after all.
I believe the desired state can be achieved today by setting artifacts.oci.storage to an empty string, "". This feature request is about making it not possible for Chains to sign a container image.
Yes, exactly. Thanks for precisely clarifying that.