Docker Trust Initialization
Question: When the initial trust on Docker Content Trust with Notary on TUF is initialized

I understand how TUF, Notary and Content Trust work. But what is not clear to me is how the initial trust is set up. How do I know that the first pull is not a compromised one and the initial root.json is trustworthy? So, for example, if I do docker pull with content-trust enabled, I will only get signed images. But how do I verify that this image is signed by the right person?

Answer 1:

Notary creator and maintainer