There also a very interesting sub-discussion about bundling Notary and TUF together, an what the implications are for pairing image signing and package signing into a single request. While TUF can be seen as a next gen tool for signing groups of digital content, it's relationship at this point to Notary is yet to be solidified.
https://github.com/cncf/toc/pull/38
and the voting here, in case you'd like to see into the decision making process that went into this:
https://lists.cncf.io/pipermail/cncf-toc/2017-October/001309...
There also a very interesting sub-discussion about bundling Notary and TUF together, an what the implications are for pairing image signing and package signing into a single request. While TUF can be seen as a next gen tool for signing groups of digital content, it's relationship at this point to Notary is yet to be solidified.