boma/docs/decisions
sjat 2f4218814a Reconcile image pinning to a tiered tag@digest rule
Resolve the conflict between ADR-011 (tags-not-digests) and the security work
(digest pinning) with one coherent rule that respects ADR-011's stateless/stateful
split:

- Stateful → pin `tag@digest` (readable tag + integrity digest): legible diffs AND
  tamper-evidence. Snapshots cover broken updates; the digest covers swapped images.
- Stateless → rolling tags (latest/stable); digest-pinning would defeat the rolling
  design. Integrity rests on official/verified images + disposability.

Aligned across ADR-011 (decision 2), ADR-004 (image management), ADR-002
(supply-chain row), accepted-risk R1, the service checklist, and TODO 15.6.
TODO 16.7 marked decided.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-04 19:21:36 +02:00
..
001-architecture.md Reconcile CI to trunk-based; mark base/docker_host not-built (R6-R8,R15-R16) 2026-05-30 19:32:37 +02:00
002-security.md Reconcile image pinning to a tiered tag@digest rule 2026-06-04 19:21:36 +02:00
003-toolchain.md Reconcile CI to trunk-based; mark base/docker_host not-built (R6-R8,R15-R16) 2026-05-30 19:32:37 +02:00
004-docker-model.md Reconcile image pinning to a tiered tag@digest rule 2026-06-04 19:21:36 +02:00
005-bootstrapping.md Purge residual .vault_pass references (review R1-R5) 2026-05-30 19:17:25 +02:00
006-terraform.md Use local Terraform state; drop unworkable Forgejo HTTP backend (R10b) 2026-05-30 21:34:05 +02:00
007-network.md Correct Forgejo host to forgejo.nyumbani.baobab.band 2026-05-30 18:16:38 +02:00
008-testing.md Fix Forgejo registry path to owner/image format (review R10a) 2026-05-30 21:34:02 +02:00
009-provisioning-handoff.md Correct Forgejo host to forgejo.nyumbani.baobab.band 2026-05-30 18:16:38 +02:00
010-forgejo-ci.md Record the Vaultwarden item name for the Forgejo token in ADR-010 2026-05-30 21:35:24 +02:00
011-update-management.md Reconcile image pinning to a tiered tag@digest rule 2026-06-04 19:21:36 +02:00
012-hardware-capacity.md Note latest.md report mirror in ADR-012 2026-06-01 10:40:16 +02:00
013-heritage-v4.md Add ADR-013 (V4 heritage policy); track ADR-011 2026-06-04 19:07:48 +02:00